ICAM365 CCTV Camera Multiple Models

Monitor6.8ICS-CERT ICSA-25-324-02Nov 20, 2025

Attack VectorAdjacent

Auth RequiredLow

ComplexityLow

User InteractionNone needed

Summary

ICAM365 ROBOT PT Camera P201 and Night Vision Camera QC021 models contain authorization flaws (CWE-306) that allow users with valid credentials to access camera video streams and configuration data beyond their assigned permissions. The vulnerabilities are not remotely exploitable and require local network access and valid authentication. The vendor did not respond to CISA coordination requests, and no patch is available. These vulnerabilities enable unauthorized surveillance data exposure.

What this means

What could happen

An attacker with local network access and valid credentials could view live camera feeds and access camera configuration data without authorization, potentially revealing surveillance blind spots or enabling physical security bypass.

Who's at risk

Facilities security teams managing ROBOT PT Camera P201 and Night Vision Camera QC021 models deployed in municipal utilities, water authorities, power plants, or other critical infrastructure where camera feeds provide physical security or situational awareness of critical equipment areas.

How it could be exploited

An attacker on the same network segment as the camera would need valid user credentials to authenticate to the camera's interface and then exploit insufficient access controls to view video streams and configuration settings they should not have permission to access.

Prerequisites

Network access to the camera on the local network segment (not remotely exploitable)
Valid user credentials for the camera interface
Physical security or network access to the facility network

No patch availableVendor non-responsiveAffects physical security systemsDefault or weak credentials likely in use

Exploitability

Low exploit probability (EPSS 0.0%)

Affected products (2)

2 EOL

ProductAffected VersionsFix Status

ROBOT PT Camera P201: <=43.4.0.0≤ 43.4.0.0No fix (EOL)

Night Vision Camera QC021: <=43.4.0.0≤ 43.4.0.0No fix (EOL)

Remediation & Mitigation

0/4

Do now

0/1

WORKAROUNDMonitor for and disable any remote access capabilities to these cameras until a vendor fix is available

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HARDENINGEnforce strong, unique credentials on all cameras and implement account access controls to limit who can view feeds and configuration

Mitigations - no patch available

0/2

The following products have reached End of Life with no planned fix: ROBOT PT Camera P201: <=43.4.0.0, Night Vision Camera QC021: <=43.4.0.0. Apply the following compensating controls:

HARDENINGIsolate ICAM365 cameras on a separate network segment behind a firewall, preventing access from business networks and Internet

HARDENINGRestrict camera network access to authorized personnel only using network segmentation and access control lists

CVEs (2)

CVE-2025-64770 CVE-2025-62674

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/e53d8c4c-c030-4cfc-9ec3-1fb8eed6120c