
CVE-2025-35452: CWE-798 Use of Hard-coded Credentials in PTZOptics PT12X-SE-xx-G3

Severity: Critical
Type: Vulnerability
Tags: CVE-2025-35452, cve, cve-2025-35452, cwe-798, cwe-1392
Published: Fri Sep 05 2025 (09/05/2025, 17:49:02 UTC)
Source: CVE Database V5
Vendor/Project: PTZOptics
Product: PT12X-SE-xx-G3

Description

PTZOptics and possibly other ValueHD-based pan-tilt-zoom cameras use default, shared credentials for the administrative web interface.

AI-Powered Analysis

AI analysis last updated: 09/12/2025, 23:56:46 UTC

Technical Analysis

CVE-2025-35452 is a critical vulnerability identified in the PTZOptics PT12X-SE-xx-G3 series of pan-tilt-zoom (PTZ) cameras, which are based on ValueHD technology. The core issue is the use of hard-coded, default administrative credentials embedded within the device's web interface. This vulnerability falls under CWE-798 (Use of Hard-coded Credentials) and CWE-1392 (Improper Authentication). Because these credentials are shared across devices and cannot be changed by the user, any attacker with network access to the camera can gain full administrative control without authentication or user interaction. The CVSS v3.1 base score of 9.8 reflects the critical severity, with attack vector being network-based (AV:N), no privileges required (PR:N), no user interaction needed (UI:N), and full impact on confidentiality, integrity, and availability (C:H/I:H/A:H). Exploiting this vulnerability allows an attacker to manipulate camera settings, intercept or manipulate video streams, and potentially use the device as a pivot point for further network compromise. Although no public exploits have been reported yet, the ease of exploitation and critical impact make this a significant threat. The lack of available patches or firmware updates at the time of publication further exacerbates the risk.

Potential Impact

For European organizations, the impact of this vulnerability can be severe, especially for sectors relying heavily on video surveillance such as government facilities, transportation hubs, critical infrastructure, corporate offices, and educational institutions. Unauthorized access to PTZ cameras can lead to breaches of privacy, espionage, and unauthorized monitoring. Attackers could disrupt security operations by disabling or manipulating camera feeds, undermining physical security measures. Additionally, compromised cameras could serve as entry points for lateral movement within corporate or governmental networks, potentially exposing sensitive data or critical systems. Given the critical CVSS score and the network-exploitable nature of the vulnerability, organizations face risks of significant operational disruption and reputational damage. The absence of patches means organizations must rely on compensating controls until a fix is available.

Mitigation Recommendations

1. Immediate network segmentation: Isolate PTZOptics PT12X-SE-xx-G3 cameras on dedicated VLANs or network segments with strict access controls to limit exposure.
2. Implement firewall rules to restrict access to the camera management interface only to trusted IP addresses or management stations.
3. Employ network monitoring and intrusion detection systems to identify unusual access patterns or brute-force attempts targeting camera interfaces.
4. Disable the web management interface if possible or restrict it to internal management networks only.
5. Use VPNs or secure tunnels for remote management to prevent direct exposure of camera interfaces to the internet.
6. Regularly audit devices for default credentials and replace or remove vulnerable devices where feasible.
7. Engage with PTZOptics for firmware updates or patches and apply them promptly once available.
8. Consider deploying compensating controls such as multi-factor authentication at the network gateway level or using alternative camera models with better security postures if replacement is an option.
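The following is an added example, not part of the original advisory, showing one way to check recommendations 2 and 3 against firewall or flow logs: it flags any connection to a camera's web interface that comes from outside the trusted management range. The camera addresses, management subnet, web ports (80/443) and log line format are all assumptions, and the sample log is constructed.

```python
import ipaddress

# Assumptions (not from the advisory): camera addresses, the trusted
# management subnet, the web-interface ports, and the log line format.
CAMERAS = {ipaddress.ip_address(a) for a in ("10.20.30.11", "10.20.30.12")}
TRUSTED_MGMT = [ipaddress.ip_network("10.20.99.0/28")]
WEB_PORTS = {80, 443}

# Constructed sample: "<iso-time> <src> <dst> <dport> <action>"
SAMPLE_LOG = """\
2025-09-06T08:00:01Z 10.20.99.5 10.20.30.11 443 ALLOW
2025-09-06T08:03:17Z 10.20.40.77 10.20.30.11 80 ALLOW
2025-09-06T08:03:19Z 10.20.40.77 10.20.30.12 80 ALLOW
2025-09-06T08:04:02Z 203.0.113.9 10.20.30.12 443 DENY
2025-09-06T08:05:40Z 10.20.40.77 10.20.30.11 554 ALLOW
malformed line
"""

def parse(line):
    """Parse one log line; return None if it does not match the format."""
    parts = line.split()
    if len(parts) != 5:
        return None
    ts, src, dst, dport, action = parts
    try:
        return (ts, ipaddress.ip_address(src), ipaddress.ip_address(dst),
                int(dport), action.upper())
    except ValueError:
        return None

def audit(log_text):
    """Return (findings, skipped_line_count) for flows to camera web ports
    whose source is outside every trusted management network."""
    findings, skipped = [], 0
    for line in filter(str.strip, log_text.splitlines()):
        rec = parse(line)
        if rec is None:
            skipped += 1
            continue
        ts, src, dst, dport, action = rec
        if dst in CAMERAS and dport in WEB_PORTS \
                and not any(src in net for net in TRUSTED_MGMT):
            # ALLOW means the firewall policy has a gap; DENY is a blocked probe.
            kind = "policy-gap" if action == "ALLOW" else "blocked-attempt"
            findings.append({"time": ts, "src": str(src), "dst": str(dst),
                             "port": dport, "kind": kind})
    return findings, skipped

def sources_reaching_multiple_cameras(findings):
    """Untrusted sources that were allowed through to more than one camera."""
    seen = {}
    for f in findings:
        if f["kind"] == "policy-gap":
            seen.setdefault(f["src"], set()).add(f["dst"])
    return sorted(s for s, dsts in seen.items() if len(dsts) > 1)
```

Any `policy-gap` finding means the restriction in recommendation 2 is not actually in force for that camera; a source that reaches several cameras is the access pattern recommendation 3 asks monitoring to surface.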


Technical Details

Data Version: 5.1
Assigner Short Name: cisa-cg
Date Reserved: 2025-04-15T20:57:14.282Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 68bb347efe6d142709f02386

Added to database: 9/5/2025, 7:05:34 PM

Last enriched: 9/12/2025, 11:56:46 PM

Last updated: 10/18/2025, 5:43:40 PM
