PTZOptics, ValueHD PTZ Cameras: CVE-2025-35452 Hard-Coded Credentials Vulnerability – Brief Summary and Technical Review

This post provides a brief summary and technical review of CVE-2025-35452, a critical hard-coded credentials vulnerability affecting PTZOptics and ValueHD-based pan-tilt-zoom (PTZ) cameras. The review covers the affected products, the technical root cause, and vendor security history, with references to official advisories and external research.

ZeroPath CVE Analysis

2025-09-05

Experimental AI-Generated Content

This CVE analysis is an experimental publication that is completely AI-generated. The content may contain errors or inaccuracies and is subject to change as more information becomes available. We are continuously refining our process.

If you have feedback, questions, or notice any errors, please reach out to us.

Introduction

Unauthorized remote access to surveillance infrastructure has led to real-world breaches in critical manufacturing, healthcare, and government sectors. The recent discovery of default, hard-coded administrative credentials in PTZOptics and ValueHD-based pan-tilt-zoom cameras (CVE-2025-35452) demonstrates how a single design flaw can expose entire organizations to remote compromise, persistent surveillance, and lateral movement.

PTZOptics is a leading manufacturer of professional PTZ cameras, widely used in broadcasting, education, and security. Their products are deployed globally and are integral to many critical infrastructure and commercial environments. ValueHD supplies OEM camera platforms used by several brands, multiplying the impact of vulnerabilities in their firmware. This vulnerability also affects other vendors such as SMTAV and multiCAM Systems, broadening the scope of exposure.

Technical Information

CVE-2025-35452 is a critical vulnerability (CVSS 9.8) caused by the presence of default, hard-coded credentials in the web interface of PTZOptics and ValueHD-based PTZ cameras. In affected devices, the administrative interface is protected by a username and password combination that is set to a known default value, typically:

Username: admin
Password: admin

In certain firmware versions, these credentials are embedded in the firmware image in plaintext and cannot be changed or disabled by the end user. This means that even after an administrator attempts to update the password, the original hard-coded credentials remain valid for remote access. Attackers can exploit this by connecting to the camera's web interface over the network and authenticating with the default credentials, gaining full administrative control. No user interaction is required, and exploitation can be automated at scale.
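One way to check a firmware image you are responsible for against the plaintext default pair described above. This is an added example, not code from the advisory or any vendor; the key=value storage layout, the `WINDOW` distance and both sample blobs are assumptions constructed for illustration.

```python
import re

# Default pair named in the advisory text for CVE-2025-35452.
DEFAULT_USER = b"admin"
DEFAULT_PASS = b"admin"
WINDOW = 64  # assumption: max byte distance between the two settings

# Printable ASCII runs of 4+ bytes, the same idea as strings(1).
PRINTABLE = re.compile(rb"[\x20-\x7e]{4,}")
# Assumption: credentials sit in key=value / key: value settings.
# Real firmware may use another layout; adjust the pattern to the image.
KV = re.compile(rb"(?i)(user(?:name)?|pass(?:word|wd)?)\s*[=:]\s*\"?([^\s\";,]+)")

def find_default_credentials(blob):
    """Return offsets where the default user and password appear as a pair."""
    findings, last_user = [], None
    for run in PRINTABLE.finditer(blob):
        for m in KV.finditer(run.group()):
            key, value = m.group(1).lower(), m.group(2)
            pos = run.start() + m.start()
            if key.startswith(b"user"):
                # Remember only a default user; any other user breaks the pair.
                last_user = pos if value == DEFAULT_USER else None
            elif value == DEFAULT_PASS and last_user is not None:
                if pos - last_user <= WINDOW:
                    findings.append({"user_offset": last_user, "pass_offset": pos})
                last_user = None
    return findings

# Constructed sample blobs, not taken from any real firmware image.
VULNERABLE_SAMPLE = (
    b"\x7fELF\x02\x01\x01" + b"\x00" * 9
    + b"rtsp_user=operator\x00rtsp_pass=admin\x00"   # non-default user: ignored
    + b"\xde\xad\xbe\xef" * 4
    + b"web_username=admin\x00web_password=admin\x00"  # the default pair
)
CLEAN_SAMPLE = b"\x00" * 16 + b"web_username=\x00web_password=\x00first_boot=1\x00"

if __name__ == "__main__":
    for name, blob in (("vulnerable", VULNERABLE_SAMPLE), ("clean", CLEAN_SAMPLE)):
        hits = find_default_credentials(blob)
        print(name, "->", hits if hits else "no default pair found")
```

A hit is a lead for manual review of the surrounding bytes, and an empty result does not prove an image is clean, since credentials stored hashed, compressed or in another layout will not match.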

The vulnerability is classified under CWE-798 (Use of Hard-coded Credentials) and CWE-1392 (Use of Default Credentials). Public advisories confirm that exploitation is trivial and does not require any special tools or advanced techniques. The flaw is compounded by related issues in the same ecosystem, such as CVE-2024-8956 (improper authentication) and CVE-2025-35451 (hard-coded OS/telnet credentials), which can be chained for deeper compromise.

Affected Systems and Versions

The following products and vendors are confirmed affected by CVE-2025-35452:

  • PTZOptics PTZ camera models with web interface firmware containing hard-coded admin credentials ("admin"/"admin").
  • SMTAV PTZ camera models using ValueHD-based firmware with default credentials.
  • multiCAM Systems PTZ cameras based on ValueHD platforms.
  • ValueHD OEM PTZ camera platforms used by multiple brands.

The vulnerability is present in firmware versions where the admin credentials are hard-coded and cannot be changed or disabled by the user. Specific affected versions are not enumerated in public advisories, but all ValueHD-based PTZ cameras with default credentials are considered vulnerable unless patched. PTZOptics has released patches for some models; organizations should consult the CISA advisory and vendor documentation for model-specific details.

Vendor Security History

PTZOptics has responded to coordinated disclosure by releasing firmware patches for some affected models and maintains a public vulnerability disclosure process. Previous related vulnerabilities include:

  • CVE-2024-8956: Improper authentication in PTZOptics and ValueHD-based cameras.
  • CVE-2025-35451: Hard-coded OS/telnet credentials in the same ecosystem.

PTZOptics generally demonstrates moderate security maturity, with timely responses to public disclosures. In contrast, SMTAV and ValueHD have not responded to coordinated disclosure efforts and have not issued patches or public guidance, raising concerns about their long-term security support and maturity.
