Known Vulnerabilities & Fixes
Q3 2025 Update
The Vulnerabilities Identified
- CVE-2025-8671 – A mismatch caused by client-triggered server-sent stream resets between HTTP/2 specifications and the internal architectures of some HTTP/2 implementations may result in excessive server resource consumption leading to denial-of-service (DoS). By opening streams and then rapidly triggering the server to reset them—using malformed frames or flow control errors—an attacker can exploit incorrect stream accounting. Streams reset by the server are considered closed at the protocol level, even though backend processing continues. This allows a client to cause the server to handle an unbounded number of concurrent streams on a single connection. This CVE will be updated as affected product details are released.
- CVE-2025-54500 – An HTTP/2 implementation flaw allows a denial-of-service (DoS) that uses malformed HTTP/2 control frames to break the maximum concurrent streams limit (HTTP/2 MadeYouReset Attack).
Our Response
An earlier update to this page noted two Common Vulnerabilities and Exposures (CVEs) actively affecting the cameras: CVE-2025-8617 and CVE-2025-25500. These two CVEs allowed for Denial-of-Service (DoS) attacks through vulnerabilities in the HTTP/2 module of the lighttpd web server. After a thorough investigation it was determined that no actively sold cameras are vulnerable to either CVE, because we do not include the HTTP/2 module in the lighttpd server on these cameras.
Q2 2025 Update
The Vulnerabilities Identified
- CVE-2025-35451 – PTZOptics devices have SSH or telnet enabled by default with default passwords that are trivial to crack. The passwords cannot be changed by the user, nor can the SSH or telnet service be disabled by the user.
- CVE-2025-35452 – PTZOptics devices use a default, shared password for the web interface.
Our Response
Both of these vulnerabilities have already been patched on the affected devices. To be specific, CVE-2025-35451 (SSH or Telnet enabled by default) only affects specific firmware versions on the G2 cameras. The G3 cameras have never had SSH or Telnet enabled. CVE-2025-35452 (shared default password) has been patched on the G3 cameras along with the Q1 2025 Update. All G2 cameras are affected by this vulnerability.
CVE-2025-35451
Product SKU | Affected Firmware | Fixed Firmware | Remediations |
---|---|---|---|
PT12X-SDI-xx-G2/PT12X-NDI-xx | < 6.3.34 | 6.3.34 (8/19/2021) | Update firmware |
PT12X-USB-xx-G2 | < 6.2.81 | 6.2.81 (9/13/2021) | Update firmware |
PT20X-SDI-xx-G2/PT20X-NDI-xx | < 6.3.20 | 6.3.20 (5/6/2022) | Update firmware |
PT20X-USB-xx-G2 | < 6.2.73 | 6.2.73 (9/16/2021) | Update firmware |
PT30X-SDI-xx-G2 / PT30X-NDI-xx | < 6.3.30 | 6.3.30 (4/21/2022) | Update firmware |
PT12X-ZCAM* | < 7.2.76 | 7.2.76 (5/17/2021) | Update firmware |
PT20X-ZCAM* | < 7.2.82 | 7.2.82 (5/17/2021) | Update firmware |
PTVL-ZCAM* | < 7.2.79 | 7.2.79 (4/23/2023) | Update firmware |
PTEPTZ-ZCAM-G2/PTEPTZ-NDI-ZCAM-G2* | < 8.1.81 | 8.1.81 (4/30/2021) | Update firmware |
*HSI/PTZOptics and its products, including camera equipment, are not affiliated with, endorsed by, or sponsored by Shenzhen ImagineVision Technology Limited. Z CAM® is a registered trademark of Shenzhen ImagineVision Technology Limited.
CVE-2025-35452
Product SKU | Affected Firmware | Fixed Firmware | Remediations |
---|---|---|---|
PT12X-SDI-xx-G2/PT12X-NDI-xx | All | N/A | Change the device’s password |
PT12X-USB-xx-G2 | All | N/A | Change the device’s password |
PT20X-SDI-xx-G2/PT20X-NDI-xx | All | N/A | Change the device’s password |
PT20X-USB-xx-G2 | All | N/A | Change the device’s password |
PT30X-SDI-xx-G2 / PT30X-NDI-xx | All | N/A | Change the device’s password |
PT12X-ZCAM* | All | N/A | Change the device’s password |
PT20X-ZCAM* | All | N/A | Change the device’s password |
PTVL-ZCAM* | All | N/A | Change the device’s password |
PTEPTZ-ZCAM-G2/PTEPTZ-NDI-ZCAM-G2* | All | N/A | Change the device’s password |
PT12X-4K-xx-G3 | < 0.0.58 | 0.0.58 (2/21/2025) | Update firmware |
PT20X-4K-xx-G3 | < 0.0.85 | 0.0.85 (2/27/2025) | Update firmware |
PT30X-4K-xx-G3 | < 2.0.64 | 2.0.64 (1/14/2025) | Update firmware |
PT12X-LINK-4K-xx | < 0.0.63 | 0.0.63 (4/08/2025) | Update firmware |
PT20X-LINK-4K-xx | < 0.0.89 | 0.0.89 (4/28/2025) | Update firmware |
PT30X-LINK-4K-xx | < 2.0.71 | 2.0.71 (4/28/2025) | Update firmware |
PT12X-SE-xx-G3 | < 9.1.43 | 9.1.43 (2/13/2025) | Update firmware |
PT20X-SE-xx-G3 | < 9.1.32 | 9.1.32 (1/14/2025) | Update firmware |
PT30X-SE-xx-G3 | < 9.1.33 | 9.1.33 (2/13/2025) | Update firmware |
PT-STUDIOPRO | < 9.0.41 | 9.0.41 (2/27/2025) | Update firmware |
*HSI/PTZOptics and its products, including camera equipment, are not affiliated with, endorsed by, or sponsored by Shenzhen ImagineVision Technology Limited. Z CAM® is a registered trademark of Shenzhen ImagineVision Technology Limited.
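To check an inventory of cameras against the two tables above, here is an added example (not a PTZOptics tool) that parses an excerpt of the table rows as they appear on this page and reports which remediation applies to a given SKU and firmware version. It assumes "xx" in a SKU is a wildcard for the colour/variant code and that "A/B" lists alternative SKUs; the rows embedded are copied from the tables, and the remaining rows can be pasted in the same way.

```python
import re

# Rows copied from the two tables above (excerpt); add the remaining rows as needed.
TABLES = {
    "CVE-2025-35451": """
PT12X-SDI-xx-G2/PT12X-NDI-xx | < 6.3.34 | 6.3.34 (8/19/2021) | Update firmware |
PT20X-SDI-xx-G2/PT20X-NDI-xx | < 6.3.20 | 6.3.20 (5/6/2022) | Update firmware |
PT12X-ZCAM* | < 7.2.76 | 7.2.76 (5/17/2021) | Update firmware |
""",
    "CVE-2025-35452": """
PT12X-SDI-xx-G2/PT12X-NDI-xx | All | N/A | Change the device’s password |
PT20X-SDI-xx-G2/PT20X-NDI-xx | All | N/A | Change the device’s password |
PT12X-ZCAM* | All | N/A | Change the device’s password |
PT12X-4K-xx-G3 | < 0.0.58 | 0.0.58 (2/21/2025) | Update firmware |
PT30X-SE-xx-G3 | < 9.1.33 | 9.1.33 (2/13/2025) | Update firmware |
""",
}

def parse_version(v):
    # "6.3.34" -> (6, 3, 34) so versions compare numerically, not as strings
    return tuple(int(p) for p in v.strip().split("."))

def sku_matches(pattern, sku):
    # Assumption: "A/B" lists alternative SKUs and "xx" is a variant wildcard;
    # a trailing "*" is only the trademark footnote marker from the table.
    for alt in pattern.rstrip("*").split("/"):
        regex = "^" + re.escape(alt.strip()).replace("xx", "[A-Z0-9]+") + "$"
        if re.match(regex, sku, re.IGNORECASE):
            return True
    return False

def assess(sku, firmware):
    """Return {CVE id: remediation} for every table row that applies to this camera."""
    findings = {}
    for cve, table in TABLES.items():
        for line in table.strip().splitlines():
            pattern, affected, fixed, remediation = [c.strip() for c in line.strip("| ").split("|")]
            if not sku_matches(pattern, sku):
                continue
            if affected == "All":
                findings[cve] = remediation          # no fixed build exists for this row
            elif affected.startswith("<") and parse_version(firmware) < parse_version(affected[1:]):
                findings[cve] = f"{remediation} to {fixed.split()[0]}"
    return findings

if __name__ == "__main__":
    print(assess("PT20X-SDI-WH-G2", "6.3.15"))  # constructed sample inventory entry
```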
Q1 2025 Update
The PTZOptics team was alerted by VulnCheck, Inc. to three potential security vulnerabilities in the firmware of our G2 30x SDI/NDI camera, as noted in Common Vulnerabilities and Exposures reports CVE-2024-8956 and CVE-2024-8957. The identified vulnerabilities, when used in combination with each other, could potentially allow unauthorized access to sensitive information and control over the cameras. The PTZOptics team tested these vulnerabilities against every PTZOptics device and we patched all those affected.
The Vulnerabilities Identified
- Insufficient Authentication – Some API routes in our cameras were not protected by authentication, potentially exposing network and login information.
- Remote File Write – Certain API commands allowed direct modification of files on the camera, posing a risk of unauthorized changes to the camera’s operating files.
- Remote Code Execution – A flaw in the Network Time Protocol configuration API allowed unauthorized users to run applications on the camera, potentially compromising the entire file system.
Our Response
Product | Previous Firmware | CVE/PSTI Approved Firmware |
---|---|---|
PT12X-4K-xx-G3 | 0.0.46 | 0.0.58 |
PT20X-4K-xx-G3 | 0.0.73 | 0.0.85 |
PT30X-4K-xx-G3 | 2.0.48 | 2.0.64 |
PT12X-SE-xx-G3 | 9.1.35 | 9.1.43 |
PT20X-SE-xx-G3 | 9.1.26 | 9.1.32 |
PT30X-SE-xx-G3 | 9.1.24 | 9.1.33 |
PT12X-LINK-4K-xx | 0.0.48 | 0.0.63 |
PT20X-LINK-4K-xx | 0.0.75 | 0.0.89 |
PT30X-LINK-4K-xx | 2.0.50 | 2.0.71 |
PT-STUDIOPRO | 9.0.39 | 9.0.41 |
PT12X-STUDIO-4K-xx-G3 | 8.1.82 | 8.1.90 |
PT20X-STUDIO-4K-xx-G3 | 8.1.83 | 8.1.90 |
PT12X-SDI/NDI-xx | 6.3.62 | 6.3.70 |
PT12X-USB-xx | 6.2.81 | 6.2.88 |
PT20X-SDI/NDI-xx | 6.3.22 | 6.3.27 |
PT20X-USB-xx | 6.2.73 | 6.2.81 |
PT30X-SDI/NDI-xx | 6.3.32 | 6.3.43 |
VL Fixed Camera/NDI Fixed Camera | 7.2.83 | 7.2.94 |
12x Fixed Camera/NDI Fixed Camera | 7.2.80 | 7.2.85 |
20x Fixed Camera/NDI Fixed Camera | 7.2.89 | 7.2.94 |
EPTZ Fixed Camera/NDI Fixed Camera | 8.1.83 | 8.1.89 |
HC-EPTZ-NDI | 8.2.08 | 8.2.14 |