PTZOptics and possibly other ValueHD-based pan-tilt-zoom cameras use hard-coded, default administrative credentials. The passwords can readily be cracked. Many cameras have SSH or telnet listening on all interfaces. The passwords cannot be changed by the user, nor can the SSH or telnet service be disabled by the user.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Mon, 08 Sep 2025 18:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Fri, 05 Sep 2025 19:15:00 +0000


Fri, 05 Sep 2025 18:00:00 +0000

Type Values Removed Values Added
Description PTZOptics and possibly other ValueHD-based pan-tilt-zoom cameras use hard-coded, default administrative credentials. The passwords can readily be cracked. Many cameras have SSH or telnet listening on all interfaces. The passwords cannot be changed by the user, nor can the SSH or telnet service be disabled by the user.
Title Pan-Tilt-Zoom cameras hard-coded default passwords with SSH and telnet enabled
Weaknesses CWE-798
References
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 9.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: cisa-cg

Published:

Updated: 2025-09-08T18:08:29.882Z

Reserved: 2025-04-15T20:57:14.282Z

Link: CVE-2025-35451

cve-icon Vulnrichment

Updated: 2025-09-08T18:08:26.210Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2025-09-05T18:15:41.900

Modified: 2025-09-08T16:25:59.157

Link: CVE-2025-35451

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.