ГлавнаяУязвимости → CVE-2025-35451
9.8критическая

CVE-2025-35451

Описание

PTZOptics and possibly other ValueHD-based pan-tilt-zoom cameras use hard-coded, default administrative credentials. The passwords can readily be cracked. Many cameras have SSH or telnet listening on all interfaces. The passwords cannot be changed by the user, nor can the SSH or telnet service be disabled by the user.

Затрагиваемое ПО
Ptzoptics Pt12x-sdi-xx-g2 firmwarePtzoptics Pt12x-sdi-xx-g2Ptzoptics Pt12x-ndi-xx firmwarePtzoptics Pt12x-ndi-xxPtzoptics Pt12x-usb-xx-g2 firmwarePtzoptics Pt12x-usb-xx-g2Ptzoptics Pt20x-sdi-xx-g2 firmwarePtzoptics Pt20x-sdi-xx-g2Ptzoptics Pt20x-ndi-xx firmwarePtzoptics Pt20x-ndi-xxPtzoptics Pt20x-usb-xx-g2 firmwarePtzoptics Pt20x-usb-xx-g2Ptzoptics Pt30x-sdi-xx-g2 firmwarePtzoptics Pt30x-sdi-xx-g2Ptzoptics Pt30x-ndi-xx firmwarePtzoptics Pt30x-ndi-xxPtzoptics Pt12x-zcam firmwarePtzoptics Pt12x-zcamPtzoptics Pt20x-zcam firmwarePtzoptics Pt20x-zcamPtzoptics Ptvl-zcam firmwarePtzoptics Ptvl-zcamPtzoptics Pteptz-zcam-g2 firmwarePtzoptics Pteptz-zcam-g2Ptzoptics Pteptz-ndi-zcam-g2 firmware
CVSS
Балл9.8 — критическая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Источники
https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-162-10.jsonhttps://www.cisa.gov/news-events/ics-advisories/icsa-25-162-10https://www.cve.org/CVERecord?id=CVE-2025-35451https://www.greynoise.io/blog/greynoise-intelligence-discovers-zero-day-vulnerabilities-in-live-streaming-cameras-with-the-help-of-aihttps://www.labs.greynoise.io/grimoire/2024-10-31-sift-0-day-rce/