CVE-2025-35451

CRITICAL
Published Sep 5, 2025 Modified Jan 14, 2026 CWE-798

Description

PTZOptics and possibly other ValueHD-based pan-tilt-zoom cameras use hard-coded, default administrative credentials. The passwords can readily be cracked. Many cameras have SSH or telnet listening on all interfaces. The passwords cannot be changed by the user, nor can the SSH or telnet service be disabled by the user.

CVSS v3.1 Score

9.8
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weakness Type (CWE)

CWE-798 CWE-798

Affected Products

Vendor Product
ptzoptics pt12x-sdi-xx-g2_firmware
ptzoptics pt12x-sdi-xx-g2
ptzoptics pt12x-ndi-xx_firmware
ptzoptics pt12x-ndi-xx
ptzoptics pt12x-usb-xx-g2_firmware
ptzoptics pt12x-usb-xx-g2
ptzoptics pt20x-sdi-xx-g2_firmware
ptzoptics pt20x-sdi-xx-g2
ptzoptics pt20x-ndi-xx_firmware
ptzoptics pt20x-ndi-xx
ptzoptics pt20x-usb-xx-g2_firmware
ptzoptics pt20x-usb-xx-g2
ptzoptics pt30x-sdi-xx-g2_firmware
ptzoptics pt30x-sdi-xx-g2
ptzoptics pt30x-ndi-xx_firmware
ptzoptics pt30x-ndi-xx
ptzoptics pt12x-zcam_firmware
ptzoptics pt12x-zcam
ptzoptics pt20x-zcam_firmware
ptzoptics pt20x-zcam
ptzoptics ptvl-zcam_firmware
ptzoptics ptvl-zcam
ptzoptics pteptz-zcam-g2_firmware
ptzoptics pteptz-zcam-g2
ptzoptics pteptz-ndi-zcam-g2_firmware
ptzoptics pteptz-ndi-zcam-g2
ptzoptics vl_fixed_camera_firmware
ptzoptics vl_fixed_camera
ptzoptics ndi_fixed_camera_firmware
ptzoptics ndi_fixed_camera
multicam-systems mcamii_ptz_firmware
multicam-systems mcamii_ptz
smtav ba30s_firmware
smtav ba30s
smtav ba20s_firmware
smtav ba20s
smtav bv20s_firmware
smtav bv20s
smtav bx30s_firmware
smtav bx30s
smtav bx20n_firmware
smtav bx20n
smtav bx20uhd-n_firmware
smtav bx20uhd-n
smtav bx20uhd_firmware
smtav bx20uhd
smtav ba30-n_firmware
smtav ba30-n
smtav ba20-n_firmware
smtav ba20-n
smtav ba12-n_firmware
smtav ba12-n
smtav hd17h-n_firmware
smtav hd17h-n
smtav bx20s-sh_firmware
smtav bx20s-sh
smtav hd17h_firmware
smtav hd17h
smtav bv30s_firmware
smtav bv30s
smtav ba12s_firmware
smtav ba12s
valuehd vx90_firmware
valuehd vx90
valuehd vx720l_firmware
valuehd vx720l
valuehd vx752ag_firmware
valuehd vx752ag
valuehd vx752a_firmware
valuehd vx752a
valuehd vx751ba_firmware
valuehd vx751ba
valuehd vx630al_firmware
valuehd vx630al
valuehd vx61asl_firmware
valuehd vx61asl
valuehd vx61basl_firmware
valuehd vx61basl
valuehd vx60asl_firmware
valuehd vx60asl
valuehd vx61al_firmware
valuehd vx61al
valuehd vx60al_firmware
valuehd vx60al
valuehd vx701ra_firmware
valuehd vx701ra
valuehd vx701ta_firmware
valuehd vx701ta
valuehd vx800i2_firmware
valuehd vx800i2
valuehd v61w_firmware
valuehd v61w
valuehd v63xl_firmware
valuehd v63xl
valuehd v60xl_firmware
valuehd v60xl
valuehd vx70uvs_firmware
valuehd vx70uvs
valuehd vx71uvs_firmware
valuehd vx71uvs
valuehd v71uvs_firmware
valuehd v71uvs

References

Frequently Asked Questions

What is CVE-2025-35451? +
PTZOptics and possibly other ValueHD-based pan-tilt-zoom cameras use hard-coded, default administrative credentials. The passwords can readily be cracked. Many cameras have SSH or telnet listening on all interfaces. The passwords cannot be changed by the user, nor can the SSH or telnet service be disabled by the user. It has a CVSS v3.1 base score of 9.8 (CRITICAL).
How severe is CVE-2025-35451? +
CVE-2025-35451 has a CVSS v3.1 score of 9.8 out of 10, rated CRITICAL. This is a critical vulnerability that should be patched immediately.
What products are affected by CVE-2025-35451? +
CVE-2025-35451 affects products from multicam-systems, ptzoptics, smtav, valuehd, specifically: ba12-n, ba12-n_firmware, ba12s, ba12s_firmware, ba20-n, ba20-n_firmware, ba20s, ba20s_firmware, ba30-n, ba30-n_firmware, ba30s, ba30s_firmware, bv20s, bv20s_firmware, bv30s, bv30s_firmware, bx20n, bx20n_firmware, bx20s-sh, bx20s-sh_firmware, bx20uhd, bx20uhd-n, bx20uhd-n_firmware, bx20uhd_firmware, bx30s, bx30s_firmware, hd17h, hd17h-n, hd17h-n_firmware, hd17h_firmware, mcamii_ptz, mcamii_ptz_firmware, ndi_fixed_camera, ndi_fixed_camera_firmware, pt12x-ndi-xx, pt12x-ndi-xx_firmware, pt12x-sdi-xx-g2, pt12x-sdi-xx-g2_firmware, pt12x-usb-xx-g2, pt12x-usb-xx-g2_firmware, pt12x-zcam, pt12x-zcam_firmware, pt20x-ndi-xx, pt20x-ndi-xx_firmware, pt20x-sdi-xx-g2, pt20x-sdi-xx-g2_firmware, pt20x-usb-xx-g2, pt20x-usb-xx-g2_firmware, pt20x-zcam, pt20x-zcam_firmware, pt30x-ndi-xx, pt30x-ndi-xx_firmware, pt30x-sdi-xx-g2, pt30x-sdi-xx-g2_firmware, pteptz-ndi-zcam-g2, pteptz-ndi-zcam-g2_firmware, pteptz-zcam-g2, pteptz-zcam-g2_firmware, ptvl-zcam, ptvl-zcam_firmware, v60xl, v60xl_firmware, v61w, v61w_firmware, v63xl, v63xl_firmware, v71uvs, v71uvs_firmware, vl_fixed_camera, vl_fixed_camera_firmware, vx60al, vx60al_firmware, vx60asl, vx60asl_firmware, vx61al, vx61al_firmware, vx61asl, vx61asl_firmware, vx61basl, vx61basl_firmware, vx630al, vx630al_firmware, vx701ra, vx701ra_firmware, vx701ta, vx701ta_firmware, vx70uvs, vx70uvs_firmware, vx71uvs, vx71uvs_firmware, vx720l, vx720l_firmware, vx751ba, vx751ba_firmware, vx752a, vx752a_firmware, vx752ag, vx752ag_firmware, vx800i2, vx800i2_firmware, vx90, vx90_firmware. Check the affected products table above for specific version ranges.
How do I check if I'm vulnerable to CVE-2025-35451? +
You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.

Related Vulnerabilities

Don't wait for an exploit

Scan your website for vulnerabilities like CVE-2025-35451 — free, no signup required.

Start Free Scan