CVE-2025-35452
PTZOptics, ValueHD · Pan-tilt-zoom cameras
PTZOptics and ValueHD-based cameras are vulnerable to unauthorized access due to the use of default, shared administrative credentials.
Executive summary
The use of default, shared credentials in PTZOptics and ValueHD-based cameras enables unauthorized administrative access to sensitive device controls.
Vulnerability
The devices utilize hardcoded or default shared credentials for the administrative web interface. An unauthenticated attacker with network access can leverage these credentials to gain full administrative control over the camera.
Business impact
Unauthorized access to camera hardware allows attackers to monitor physical spaces, manipulate video feeds, or potentially use the devices as entry points into the internal network. The vulnerability carries a CVSS score of 9.8: remote, unauthenticated takeover presents a severe security risk to physical and digital infrastructure.
Remediation
Immediate Action: Change the default administrative password and set unique, complex credentials on every device.
Proactive Monitoring: Monitor network traffic for unauthorized access attempts to camera web interfaces and audit administrative login activity.
Compensating Controls: Place camera management interfaces on isolated management VLANs and restrict access via firewall rules to known, authorized IP addresses.
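The monitoring and firewall-allowlist steps above can be checked against firewall or flow logs. The following is an added example, not part of the original advisory or any vendor tooling: the log format, addresses (documentation ranges), and the choice of ports 80/443 for the web interface are assumptions to adapt to your environment.

```python
import ipaddress

# Constructed inventory and policy; replace with your own camera list and management subnet.
CAMERA_IPS = {"192.0.2.10", "192.0.2.11"}
MGMT_ALLOWLIST = [ipaddress.ip_network("198.51.100.0/28")]
WEB_PORTS = {80, 443}  # assumption: ports serving the administrative web interface

# Constructed flow records in an assumed format: "timestamp src dst dport action"
SAMPLE_FLOWS = """\
2025-01-01T10:00:00Z 198.51.100.5 192.0.2.10 443 ALLOW
2025-01-01T10:00:07Z 203.0.113.77 192.0.2.10 80 ALLOW
2025-01-01T10:01:12Z 203.0.113.77 192.0.2.11 80 DENY
2025-01-01T10:02:30Z 198.51.100.9 192.0.2.11 554 ALLOW
malformed line
2025-01-01T10:03:00Z 10.20.30.40 192.0.2.11 443 ALLOW
"""

def is_authorized(src):
    """True if the source address falls inside an allowlisted management network."""
    addr = ipaddress.ip_address(src)  # raises ValueError on a bad address
    return any(addr in net for net in MGMT_ALLOWLIST)

def audit_flows(text):
    """Return (findings, skipped): flows to camera web ports from non-allowlisted sources."""
    findings, skipped = [], 0
    for line in text.splitlines():
        try:
            ts, src, dst, dport, action = line.split()
            port = int(dport)
            authorized = is_authorized(src)
        except ValueError:  # wrong field count, bad port, or bad address
            skipped += 1
            continue
        if dst in CAMERA_IPS and port in WEB_PORTS and not authorized:
            # An ALLOW here means the restricting firewall rule is missing or too broad.
            severity = "policy-gap" if action == "ALLOW" else "blocked-attempt"
            findings.append({"time": ts, "src": src, "dst": dst,
                             "port": port, "severity": severity})
    return findings, skipped

if __name__ == "__main__":
    results, bad = audit_flows(SAMPLE_FLOWS)
    for f in results:
        print(f"{f['severity']:16} {f['time']} {f['src']} -> {f['dst']}:{f['port']}")
    print(f"{bad} unparseable line(s) skipped")
```

A `policy-gap` finding indicates the compensating firewall control is not in effect for that camera; a `blocked-attempt` finding shows the control working and is a candidate for alerting.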
Exploitation status
Public Exploit Available: Not specified
Analyst recommendation
Default credentials are a primary target for automated botnets and malicious actors. It is imperative that all affected camera units be configured with unique, strong passwords and isolated from public or untrusted network segments to prevent unauthorized access.