Pan-Tilt-Zoom cameras hard-coded default passwords with SSH and telnet enabled_CVE-2025-35451

{
    "lastseen": "",
    "description": "PTZOptics and possibly other ValueHD-based pan-tilt-zoom cameras use hard-coded, default administrative credentials. The passwords can readily be cracked. Many cameras have SSH or telnet listening on all interfaces. The passwords cannot be changed by the user, nor can the SSH or telnet service be disabled by the user.",
    "published": "2025-09-05T17:43:53.108Z",
    "modified": "2025-09-05T18:59:10.321Z",
    "type": "cve",
    "title": "Pan-Tilt-Zoom cameras hard-coded default passwords with SSH and telnet enabled",
    "source": "cisa-cg",
    "references": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-162-10\nhttps://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-162-10.json\nhttps://www.cve.org/CVERecord?id=CVE-2025-35451\nhttps://www.labs.greynoise.io/grimoire/2024-10-31-sift-0-day-rce/\nhttps://www.greynoise.io/blog/greynoise-intelligence-discovers-zero-day-vulnerabilities-in-live-streaming-cameras-with-the-help-of-ai",
    "id": "CVE-2025-35451",
    "bulletinFamily": "",
    "cwe": [
        "CWE-798"
    ],
    "cvelist": null,
    "sourceData": "PTZOptics PT12X-SE-xx-G3 0\nPTZOptics PT12X-LINK-4K-xx 0\nPTZOptics PT20X-SE-xx-G3 0\nPTZOptics PT20X-LINK-4K-xx 0\nPTZOptics PT-STUDIOPRO 0\nPTZOptics PT30X-SE-xx-G3 0\nPTZOptics PT30X-LINK-4K-xx 0\nPTZOptics PT12X-STUDIO-4K-xx-G3 0\nPTZOptics PT20X-STUDIO-4K-xx-G3 0\nPTZOptics PT12X-SDI/NDI-xx 0\nPTZOptics PT12X-USB-xx 0\nPTZOptics PT20X-SDI/NDI-xx 0\nSMTAV Pan-Tilt-Zoom Cameras *\nPTZOptics PT30X-SDI/NDI-xx 0\nmultiCAM Systems Pan-Tilt-Zoom Cameras *\nPTZOptics VL Fixed Camera/NDI Fixed Camera 0\nPTZOptics 12x Fixed Camera/NDI Fixed Camera 0\nPTZOptics 20x Fixed Camera/NDI Fixed Camera 0\nPTZOptics EPTZ Fixed Camera/NDI Fixed Camera 0\nPTZOptics HC-EPTZ-NDI 0\nPTZOptics PT12X-4K-xx-G3 0\nPTZOptics PT20X-4K-xx-G3 0\nPTZOptics PT20X-USB-xx 0\nPTZOptics PT30X-4K-xx-G3 0\nValueHD Pan-Tilt-Zoom Cameras *",
    "sourceHref": "",
    "cvss": {
        "score": 9.8,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "PT12X-SE-xx-G3",
    "version": "0",
    "vendor": "PTZOptics",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}