CVE-2025-35451
Pan-Tilt-Zoom cameras hard-coded default passwords with SSH and telnet enabled
PTZOptics and possibly other ValueHD-based pan-tilt-zoom cameras use hard-coded, default administrative credentials. The passwords can readily be cracked. Many cameras have SSH or telnet listening on all interfaces. The passwords cannot be changed by the user, nor can the SSH or telnet service be disabled by the user.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected products
multiCAM Systems · Pan-Tilt-Zoom Cameras
PTZOptics · 12x Fixed Camera/NDI Fixed Camera
PTZOptics · 20x Fixed Camera/NDI Fixed Camera
PTZOptics · EPTZ Fixed Camera/NDI Fixed Camera
PTZOptics · HC-EPTZ-NDI
PTZOptics · PT12X-4K-xx-G3
PTZOptics · PT12X-LINK-4K-xx
PTZOptics · PT12X-SDI/NDI-xx
PTZOptics · PT12X-SE-xx-G3
PTZOptics · PT12X-STUDIO-4K-xx-G3
PTZOptics · PT12X-USB-xx
PTZOptics · PT20X-4K-xx-G3
PTZOptics · PT20X-LINK-4K-xx
PTZOptics · PT20X-SDI/NDI-xx
PTZOptics · PT20X-SE-xx-G3
PTZOptics · PT20X-STUDIO-4K-xx-G3
PTZOptics · PT20X-USB-xx
PTZOptics · PT30X-4K-xx-G3
PTZOptics · PT30X-LINK-4K-xx
PTZOptics · PT30X-SDI/NDI-xx
PTZOptics · PT30X-SE-xx-G3
PTZOptics · PT-STUDIOPRO
PTZOptics · VL Fixed Camera/NDI Fixed Camera
SMTAV · Pan-Tilt-Zoom Cameras
ValueHD · Pan-Tilt-Zoom Cameras
References
https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-162-10.json
https://www.cisa.gov/news-events/ics-advisories/icsa-25-162-10
https://www.cve.org/CVERecord?id=CVE-2025-35451
https://www.greynoise.io/blog/greynoise-intelligence-discovers-zero-day-vulnerabilities-in-live-streaming-cameras-with-the-help-of-ai
https://www.labs.greynoise.io/grimoire/2024-10-31-sift-0-day-rce/