CVE-2025-35451: CWE-798 Use of Hard-coded Credentials in PTZOptics PT12X-SE-xx-G3
PTZOptics and possibly other ValueHD-based pan-tilt-zoom cameras use hard-coded, default administrative credentials. The passwords can readily be cracked. Many cameras have SSH or telnet listening on all interfaces. The passwords cannot be changed by the user, nor can the SSH or telnet service be disabled by the user.
AI Analysis
Technical Summary
CVE-2025-35451 is a critical vulnerability affecting PTZOptics PT12X-SE-xx-G3 pan-tilt-zoom cameras, which are based on the ValueHD platform. The core issue is the presence of hard-coded, default administrative credentials embedded in the device firmware. These credentials are static, cannot be changed by the user, and are easily crackable. Compounding the risk, many of these cameras have SSH and telnet services enabled and listening on all network interfaces, exposing them to remote access attempts. Since the passwords cannot be altered and the SSH/telnet services cannot be disabled by the user, attackers can gain unauthorized administrative access remotely without any user interaction or prior authentication. This grants full control over the device, enabling attackers to manipulate camera functions, intercept video streams, pivot within the network, or launch further attacks. The vulnerability is classified under CWE-798 (Use of Hard-coded Credentials), which is a well-known security anti-pattern that severely undermines device security. The CVSS v3.1 score is 9.8 (critical), reflecting the vulnerability's ease of exploitation (network attack vector, no privileges or user interaction required) and its high impact on confidentiality, integrity, and availability. No patches are currently available, and no known exploits have been reported in the wild yet, but the risk of exploitation is high given the nature of the flaw and the exposure of management services.
Potential Impact
For European organizations, this vulnerability poses a significant risk, especially for sectors relying on PTZOptics PT12X-SE-xx-G3 cameras for security, surveillance, or operational monitoring. Unauthorized access to these cameras can lead to severe confidentiality breaches, including unauthorized video surveillance and data leakage. The integrity of camera settings and video streams can be compromised, allowing attackers to manipulate footage or disable cameras, impacting physical security and operational continuity. Availability is also at risk, as attackers could disrupt camera functionality or use compromised devices as entry points for lateral movement within corporate or critical infrastructure networks. This is particularly concerning for organizations in government, transportation, manufacturing, and critical infrastructure sectors where surveillance cameras are integral to security operations. The inability to change credentials or disable remote access services exacerbates the risk, making mitigation challenging and increasing the likelihood of successful attacks if devices are exposed to untrusted networks.
Mitigation Recommendations
Given the lack of patches or firmware updates, European organizations should implement compensating controls immediately. First, isolate affected cameras on dedicated VLANs or network segments with strict access controls and firewall rules limiting inbound traffic to trusted management hosts only. Disable remote access to these devices from the internet or untrusted networks. Employ network-level authentication and monitoring to detect anomalous access attempts to SSH or telnet services. Where possible, replace affected devices with models that allow credential customization and service configuration. If replacement is not feasible, consider deploying network intrusion detection/prevention systems (IDS/IPS) tuned to detect exploitation attempts targeting these cameras. Regularly audit network device inventories to identify and track vulnerable cameras. Engage with PTZOptics or ValueHD vendors for updates or firmware patches and subscribe to vulnerability advisories for timely remediation. Finally, implement physical security controls to prevent unauthorized local access to the devices.
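The monitoring step above can be checked against firewall or flow logs. The following is an added example, not part of the advisory or any vendor tooling: it flags SSH/telnet flows that reach the camera segment from anything other than a trusted management host. The subnet, management address, and six-field log format are assumptions, and the sample records are constructed.

```python
import ipaddress

# Assumed values for illustration: adjust to your own network plan.
CAMERA_NET = ipaddress.ip_network("10.20.30.0/24")   # dedicated camera VLAN
MGMT_HOSTS = {ipaddress.ip_address("10.20.1.10")}    # trusted management hosts
MGMT_PORTS = {22: "ssh", 23: "telnet"}               # services the advisory names

# Constructed sample flow records: "timestamp src dst proto dport action"
SAMPLE_FLOWS = """\
2025-09-05T17:51:11Z 10.20.1.10 10.20.30.15 tcp 22 ALLOW
2025-09-05T17:52:40Z 10.20.7.88 10.20.30.15 tcp 23 ALLOW
2025-09-05T17:53:02Z 10.20.7.88 10.20.30.15 tcp 80 ALLOW
2025-09-05T17:54:19Z 203.0.113.5 10.20.30.16 tcp 22 DENY
malformed line
2025-09-05T17:55:00Z 10.20.7.88 10.20.40.9 tcp 22 ALLOW
"""

def find_unexpected_mgmt_access(log_text):
    """Return findings for SSH/telnet flows to cameras from non-management sources."""
    findings = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 6:
            continue  # skip malformed records
        ts, src, dst, proto, dport, action = parts
        try:
            src_ip = ipaddress.ip_address(src)
            dst_ip = ipaddress.ip_address(dst)
            port = int(dport)
        except ValueError:
            continue  # unparsable address or port
        if proto != "tcp" or port not in MGMT_PORTS or dst_ip not in CAMERA_NET:
            continue  # not a management-service flow to a camera
        if src_ip in MGMT_HOSTS:
            continue  # expected administrative access
        # ALLOW means segmentation failed; DENY is an attempt the firewall stopped.
        severity = "critical" if action == "ALLOW" else "warning"
        findings.append({"time": ts, "src": src, "dst": dst,
                         "service": MGMT_PORTS[port], "severity": severity})
    return findings

if __name__ == "__main__":
    for finding in find_unexpected_mgmt_access(SAMPLE_FLOWS):
        print(finding)
```

A `critical` finding indicates the firewall rules do not yet restrict the camera segment to the management hosts; a `warning` is a blocked attempt worth correlating with other activity from the same source.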
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Belgium, Sweden, Poland, Austria
Technical Details
- Data Version: 5.1
- Assigner Short Name: cisa-cg
- Date Reserved: 2025-04-15T20:57:14.282Z
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 68bb230f3933eaf832a4e5f2
Added to database: 9/5/2025, 5:51:11 PM
Last enriched: 9/5/2025, 5:51:29 PM
Last updated: 9/5/2025, 8:04:45 PM