CVE-2025-35452

PTZOptics, ValueHD · Pan-tilt-zoom cameras

PTZOptics and ValueHD-based cameras are vulnerable to unauthorized access due to the use of default, shared administrative credentials.

Executive summary

The use of default, shared credentials in PTZOptics and ValueHD-based cameras enables unauthorized administrative access to sensitive device controls.

Vulnerability

The devices utilize hardcoded or default shared credentials for the administrative web interface. An unauthenticated attacker with network access can leverage these credentials to gain full administrative control over the camera.

Business impact

Unauthorized access to camera hardware allows attackers to monitor physical spaces, manipulate video feeds, or potentially use the devices as entry points into the internal network. With a CVSS score of 9.8, the ability for remote, unauthenticated takeover presents a severe security risk to physical and digital infrastructure.

Remediation

Immediate Action: Change the default administrative password immediately and ensure unique, complex credentials are set for every device.

Proactive Monitoring: Monitor network traffic for unauthorized access attempts to camera web interfaces and audit administrative login activity.

Compensating Controls: Place camera management interfaces on isolated management VLANs and restrict access via firewall rules to known, authorized IP addresses.

Exploitation status

Public Exploit Available: Not specified

Analyst recommendation

Default credentials are a primary target for automated botnets and malicious actors. It is imperative that all affected camera units be updated with unique, strong passwords and isolated from public or untrusted network segments to prevent unauthorized access.