PTZOptics and Other Pan-Tilt-Zoom Cameras

Act Now | CVSS 9.8 | ICS-CERT ICSA-25-162-10 | Jun 12, 2025
Attack path
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

Multiple pan-tilt-zoom (PTZ) camera products contain critical vulnerabilities enabling remote code execution, arbitrary command injection, and unauthorized access using hard-coded credentials. Affected products include PTZOptics models (VL Fixed, PT12X, PT20X, PT30X series and variants), ValueHD PTZ cameras, SMTAV PTZ cameras, and multiCAM Systems PTZ cameras. The vulnerabilities stem from weak authentication (CWE-287), hard-coded credentials (CWE-798), and command injection (CWE-78). PTZOptics has released fixes available on its Known Vulnerabilities and Fixes site. ValueHD, multiCAM Systems, and SMTAV have indicated they will not provide patches and did not respond to coordination requests.

What this means
What could happen
An attacker can remotely execute arbitrary commands on affected PTZ cameras without authentication, potentially gaining full control over surveillance systems and allowing data exfiltration. This could compromise visual monitoring in critical facilities and provide attackers a foothold for lateral movement into facility networks.
Who's at risk
This vulnerability affects surveillance and video conferencing systems in facilities that rely on PTZ camera feeds for monitoring and situational awareness, including broadcast studios, command centers, manufacturing facilities with visual inspection requirements, and remote collaboration spaces. PTZOptics, ValueHD, SMTAV, and multiCAM Systems camera models are at risk.
How it could be exploited
An attacker with network access to the camera's IP address can authenticate using hard-coded credentials or exploit weak authentication mechanisms (CWE-287, CWE-798), then inject arbitrary commands (CWE-78) into the web interface or API endpoints to achieve remote code execution.
Prerequisites
  • Network reachability to the PTZ camera's IP address and web management port (typically HTTP/HTTPS)
remotely exploitable, no authentication required, low complexity, actively exploited (KEV), high EPSS score (83.6%), no patch available for many products, hard-coded credentials
Exploitability
Actively exploited — confirmed by CISA KEV
Affected products (39)
1 pending, 38 EOL

| Product | Affected Versions | Fix Status |
| --- | --- | --- |
| PTZOptics PTZOptics VL Fixed Camera/NDI Fixed Camera: <=7.2.94 | ≤ 7.2.94 | No fix (EOL) |
| SMTAV Pan-Tilt-Zoom Cameras: vers:all/* | All versions | No fix (EOL) |
| ValueHD Pan-Tilt-Zoom Cameras: vers:all/* | All versions | No fix (EOL) |
| PTZOptics PT12X-SDI-xx-G2: <=6.3.34 | ≤ 6.3.34 | No fix (EOL) |
| PTZOptics PT12X-NDI-xx: <=6.3.34 | ≤ 6.3.34 | No fix (EOL) |
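
An inventory triage against the affected-version rows listed above, as an added example (not OTPulse, CISA or vendor code). It assumes that "xx" in a model name stands for a two-character variant code; the inventory entries, the hostnames and the `above-range` / `review` labels are constructed for illustration.

```python
import re

# Subset of rows from the affected-products list on this page:
# (vendor, model pattern or None for every model, highest affected firmware or
# None for all versions). Assumption: "xx" is a two-character variant code.
AFFECTED = [
    ("SMTAV", None, None),
    ("ValueHD", None, None),
    ("PTZOptics", "PT12X-SDI-xx-G2", "6.3.34"),
    ("PTZOptics", "PT12X-NDI-xx", "6.3.34"),
]

# Constructed sample inventory: (host, vendor, model, reported firmware).
INVENTORY = [
    ("studio-a", "PTZOptics", "PT12X-SDI-GY-G2", "V6.3.9"),
    ("studio-b", "PTZOptics", "PT12X-SDI-WH-G2", "6.3.40"),
    ("lobby", "ValueHD", "example-model", "1.0"),
    ("lab", "PTZOptics", "PT12X-NDI-GY", "unknown"),
]

def model_matches(pattern, model):
    """Match a table entry against a model name, 'xx' being a 2-char wildcard."""
    parts = [re.escape(p) for p in pattern.split("xx")]
    return re.fullmatch("[A-Za-z0-9]{2}".join(parts), model.strip(), re.I) is not None

def version_tuple(text):
    """'V6.3.34' -> (6, 3, 34); None when the string holds no digits."""
    return tuple(int(n) for n in re.findall(r"\d+", text or "")) or None

def classify(vendor, model, firmware):
    """Return 'affected', 'review', 'above-range' or 'not-listed'."""
    for rule_vendor, pattern, ceiling in AFFECTED:
        if vendor.lower() != rule_vendor.lower() or (
                pattern is not None and not model_matches(pattern, model)):
            continue
        if ceiling is None:
            return "affected"
        have = version_tuple(firmware)
        if have is None:
            return "review"  # firmware unreadable: treat as exposed until checked
        # Numeric compare: 6.3.9 is below 6.3.34, which a string compare gets wrong
        return "affected" if have <= version_tuple(ceiling) else "above-range"
    return "not-listed"

def triage(inventory):
    return {host: classify(v, m, fw) for host, v, m, fw in inventory}

if __name__ == "__main__":
    for host, verdict in triage(INVENTORY).items():
        print(f"{host:10} {verdict}")
```

Hosts that come back `review` reported a firmware string with no version digits and should be checked by hand before being ruled out.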
Remediation & Mitigation
Do now
HARDENING: Isolate all affected PTZ cameras from direct internet access using network segmentation and firewalls
HARDENING: Restrict network access to PTZ camera management interfaces to authorized personnel only (VPN or trusted IP whitelist)
WORKAROUND: Change any default credentials on affected cameras if vendor firmware update is not possible
HOTFIX: For PTZOptics cameras with available firmware, apply vendor patches from the PTZOptics Known Vulnerabilities and Fixes site
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption

HARDENING: Monitor for suspicious connections and commands directed at PTZ cameras using network logging or IDS
Mitigations - no patch available
The following products have reached End of Life with no planned fix:
  • PTZOptics PTZOptics VL Fixed Camera/NDI Fixed Camera: <=7.2.94
  • SMTAV Pan-Tilt-Zoom Cameras: vers:all/*
  • ValueHD Pan-Tilt-Zoom Cameras: vers:all/*
  • PTZOptics PT12X-SDI-xx-G2: <=6.3.34
  • PTZOptics PT12X-NDI-xx: <=6.3.34
  • PTZOptics PT12X-USB-xx-G2: <=6.2.81
  • PTZOptics PT20X-SDI-xx-G2: <=6.3.20
  • PTZOptics PT20X-NDI-xx: <=6.3.20
  • PTZOptics PT20X-USB-xx-G2: <=6.2.73
  • PTZOptics PT30X-NDI-xx: <=6.3.30
  • PTZOptics PT12X-SDI-xx-G2: vers:all/*
  • PTZOptics PT12X-NDI-xx: vers:all/*
  • PTZOptics PT12X-USB-xx-G2: vers:all/*
  • PTZOptics PT20X-USB-xx-G2: vers:all/*
  • PTZOptics PT30X-SDI-xx-G2: vers:all/*
  • PTZOptics PT30X-NDI-xx: vers:all/*
  • PTZOptics PT12X-ZCAM: vers:all/*
  • PTZOptics PT20X-ZCAM: <=7.2.82
  • PTZOptics PTVL-ZCAM: <=7.2.79
  • PTZOptics PTEPTZ-ZCAM-G2: <=8.1.81
  • PTZOptics PTEPTZ-ZCAM-G2: vers:all/*
  • PTZOptics PTEPTZ-NDI-ZCAM-G2: <=8.1.81
  • PTZOptics PT12X-4K-xx-G3: <=0.0.58
  • PTZOptics PT20X-4K-xx-G3: <=0.0.85
  • PTZOptics PT30X-4K-xx-G3: <=2.0.64
  • PTZOptics PT12X-LINK-4K-xx: <=0.0.63
  • PTZOptics PT20X-LINK-4K-xx: <=0.0.89
  • PTZOptics PT30X-LINK-4K-xx: <=2.0.71
  • PTZOptics PT12X-SE-xx-G3: <=9.1.43
  • PTZOptics PT30X-SE-xx-G3: <=9.1.33
  • PTZOptics PT-STUDIOPRO: <=9.0.41
  • multiCAM Systems Pan-Tilt-Zoom Cameras: vers:all/*
  • PTZOptics PT20X-SDI-xx-G2: vers:all/*
  • PTZOptics PT30X-SDI-xx-G2: <=6.3.30
  • PTZOptics PT12X-ZCAM: <=7.2.76
  • PTZOptics PT20X-ZCAM: vers:all/*
  • PTZOptics PTVL-ZCAM: vers:all/*
  • PTZOptics PT20X-SE-xx-G3: <=9.1.32

Apply the following compensating controls:
HARDENING: For ValueHD, multiCAM Systems, and SMTAV cameras where no patch will be provided, evaluate replacement with patched alternatives or long-term network isolation