CVE-2025-35452 is a Critical authentication weakness affecting PTZOptics and possibly other ValueHD-based pan-tilt-zoom cameras. CISA’s advisory says the administrative web interface uses a default, shared password, and the affected firmware spans multiple PTZOptics, multiCAM Systems, SMTAV, and ValueHD product lines. PTZOptics says the issue has been patched in production firmware for the current generat [truncated]
CVE-2025-35451 is a critical default-access issue affecting multiple PTZOptics camera models and related ValueHD-based camera lines listed by CISA. The advisory says SSH and/or telnet are enabled by default, administrative users including root have default passwords that are trivial to crack, and users cannot change those passwords or disable the services.
CVE-2024-8957 is an OS command injection vulnerability affecting PTZOptics PT30X-SDI/NDI cameras. It is significant because CISA added it to the Known Exploited Vulnerabilities catalog on 2024-11-04, with remediation due by 2024-11-25. The supplied corpus does not include the vendor advisory text, affected firmware versions, or CVSS details, so the safest interpretation is that this should be treated as a [truncated]
CVE-2024-8956 is an authentication bypass vulnerability affecting PTZOptics PT30X-SDI/NDI cameras. CISA added it to the Known Exploited Vulnerabilities catalog on 2024-11-04, with a remediation due date of 2024-11-25. Because it is in KEV, defenders should treat it as a high-priority issue and verify whether any vendor-provided mitigation is available.
