Unrated severityNVD Advisory· Published Sep 5, 2025· Updated Sep 8, 2025

Pan-Tilt-Zoom cameras hard-coded default passwords with SSH and telnet enabled

CVE-2025-35451

Description

PTZOptics and possibly other ValueHD-based pan-tilt-zoom cameras use hard-coded, default administrative credentials. The passwords can readily be cracked. Many cameras have SSH or telnet listening on all interfaces. The passwords cannot be changed by the user, nor can the SSH or telnet service be disabled by the user.

Affected products

Ptzoptics/Pt20x USB Xxv5
Range: 0
Ptzoptics/Pt12x 4k Xx G3v5
Range: 0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-162-10.jsonmitre
www.cisa.gov/news-events/ics-advisories/icsa-25-162-10mitre
www.cve.org/CVERecordmitre
www.greynoise.io/blog/greynoise-intelligence-discovers-zero-day-vulnerabilities-in-live-streaming-cameras-with-the-help-of-aimitre
www.labs.greynoise.io/grimoire/2024-10-31-sift-0-day-rce/mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000