Known Vulnerabilities & Fixes
Q2 2025 Update
The Vulnerabilities Identified
- CVE-2025-35451 – PTZOptics devices have SSH or Telnet enabled by default with default passwords that are trivial to crack. The passwords cannot be changed by the user, nor can the SSH or Telnet service be disabled by the user.
- CVE-2025-35452 – PTZOptics devices use a default, shared password for the web interface.
Our Response
Both of these vulnerabilities have already been patched on the affected devices. To be specific, CVE-2025-35451 (SSH or Telnet enabled by default) only affects specific firmware versions on the G2 cameras. The G3 cameras have never had SSH or Telnet enabled. CVE-2025-35452 (shared default password) has been patched on the G3 cameras along with the Q1 2025 Update. All G2 cameras are affected by this vulnerability.
CVE-2025-35451
Product SKU | Affected Firmware | Fixed Firmware | Remediations |
---|---|---|---|
PT12X-SDI-xx-G2/PT12X-NDI-xx | < 6.3.34 | 6.3.34 (8/19/2021) | Update firmware |
PT12X-USB-xx-G2 | < 6.2.81 | 6.2.81 (9/13/2021) | Update firmware |
PT20X-SDI-xx-G2/PT20X-NDI-xx | < 6.3.20 | 6.3.20 (5/6/2022) | Update firmware |
PT20X-USB-xx-G2 | < 6.2.73 | 6.2.73 (9/16/2021) | Update firmware |
PT30X-SDI-xx-G2 / PT30X-NDI-xx | < 6.3.30 | 6.3.30 (4/21/2022) | Update firmware |
PT12X-ZCAM* | < 7.2.76 | 7.2.76 (5/17/2021) | Update firmware |
PT20X-ZCAM* | < 7.2.82 | 7.2.82 (5/17/2021) | Update firmware |
PTVL-ZCAM* | < 7.2.79 | 7.2.79 (4/23/2023) | Update firmware |
PTEPTZ-ZCAM-G2/PTEPTZ-NDI-ZCAM-G2* | < 8.1.81 | 8.1.81 (4/30/2021) | Update firmware |
*HSI/PTZOptics and its products, including camera equipment, are not affiliated with, endorsed by, or sponsored by Shenzhen ImagineVision Technology Limited. Z CAM® is a registered trademark of Shenzhen ImagineVision Technology Limited.
CVE-2025-35452
Product SKU | Affected Firmware | Fixed Firmware | Remediations |
---|---|---|---|
PT12X-SDI-xx-G2/PT12X-NDI-xx | All | N/A | Change the device’s password |
PT12X-USB-xx-G2 | All | N/A | Change the device’s password |
PT20X-SDI-xx-G2/PT20X-NDI-xx | All | N/A | Change the device’s password |
PT20X-USB-xx-G2 | All | N/A | Change the device’s password |
PT30X-SDI-xx-G2 / PT30X-NDI-xx | All | N/A | Change the device’s password |
PT12X-ZCAM* | All | N/A | Change the device’s password |
PT20X-ZCAM* | All | N/A | Change the device’s password |
PTVL-ZCAM* | All | N/A | Change the device’s password |
PTEPTZ-ZCAM-G2/PTEPTZ-NDI-ZCAM-G2* | All | N/A | Change the device’s password |
PT12X-4K-xx-G3 | < 0.0.58 | 0.0.58 (2/21/2025) | Update firmware |
PT20X-4K-xx-G3 | < 0.0.85 | 0.0.85 (2/27/2025) | Update firmware |
PT30X-4K-xx-G3 | < 2.0.64 | 2.0.64 (1/14/2025) | Update firmware |
PT12X-LINK-4K-xx | < 0.0.63 | 0.0.63 (4/08/2025) | Update firmware |
PT20X-LINK-4K-xx | < 0.0.89 | 0.0.89 (4/28/2025) | Update firmware |
PT30X-LINK-4K-xx | < 2.0.71 | 2.0.71 (4/28/2025) | Update firmware |
PT12X-SE-xx-G3 | < 9.1.43 | 9.1.43 (2/13/2025) | Update firmware |
PT20X-SE-xx-G3 | < 9.1.32 | 9.1.32 (1/14/2025) | Update firmware |
PT30X-SE-xx-G3 | < 9.1.33 | 9.1.33 (2/13/2025) | Update firmware |
PT-STUDIOPRO | < 9.0.41 | 9.0.41 (2/27/2025) | Update firmware |
*HSI/PTZOptics and its products, including camera equipment, are not affiliated with, endorsed by, or sponsored by Shenzhen ImagineVision Technology Limited. Z CAM® is a registered trademark of Shenzhen ImagineVision Technology Limited.
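An added example (not PTZOptics code) of auditing a camera inventory against the two tables above: it matches device SKUs against the tables' `xx` placeholders and compares firmware versions field by field rather than as strings. Only a few table rows are embedded, the inventory is constructed, and reading `xx` as a two-character variant code is an assumption.

```python
import re

# Rows copied from the tables above as (SKU pattern, fixed firmware).
# Combined rows such as "PT12X-SDI-xx-G2/PT12X-NDI-xx" are represented by
# their first SKU only. None = "Affected: All, Fixed: N/A" in the table.
CVE_2025_35451 = [
    ("PT12X-SDI-xx-G2", "6.3.34"), ("PT12X-USB-xx-G2", "6.2.81"),
    ("PT20X-SDI-xx-G2", "6.3.20"), ("PT30X-SDI-xx-G2", "6.3.30"),
]
CVE_2025_35452 = [
    ("PT12X-SDI-xx-G2", None), ("PT12X-USB-xx-G2", None),
    ("PT20X-SDI-xx-G2", None), ("PT30X-SDI-xx-G2", None),
    ("PT12X-4K-xx-G3", "0.0.58"), ("PT30X-4K-xx-G3", "2.0.64"),
    ("PT20X-SE-xx-G3", "9.1.32"),
]
TABLES = (("CVE-2025-35451", CVE_2025_35451), ("CVE-2025-35452", CVE_2025_35452))

def sku_regex(pattern):
    # Assumption: "xx" stands for any two-character variant code.
    body = re.escape(pattern).replace("xx", "[A-Za-z0-9]{2}")
    return re.compile("^" + body + "$", re.IGNORECASE)

def parse_version(text):
    # Compare numerically per field: "6.3.4" is older than "6.3.30",
    # which a plain string comparison gets wrong.
    return tuple(int(part) for part in text.strip().split("."))

def findings(sku, firmware):
    """Return [(cve, remediation)] for one device. An empty list means no
    embedded row applies, not that the device has been verified safe."""
    out = []
    for cve, table in TABLES:
        for pattern, fixed in table:
            if not sku_regex(pattern).match(sku):
                continue
            if fixed is None:
                out.append((cve, "change the device's password"))
            elif parse_version(firmware) < parse_version(fixed):
                out.append((cve, f"update firmware to {fixed} or later"))
    return out

INVENTORY = [  # constructed sample inventory, not real devices
    ("studio-a", "PT30X-SDI-GY-G2", "6.3.4"),
    ("studio-b", "PT30X-SDI-WH-G2", "6.3.30"),
    ("hall-1", "PT12X-4K-GY-G3", "0.0.46"),
    ("hall-2", "PT20X-SE-WH-G3", "9.1.32"),
]

def audit(inventory):
    return {name: findings(sku, fw) for name, sku, fw in inventory}

if __name__ == "__main__":
    for name, result in audit(INVENTORY).items():
        print(name, result or "no action listed")
```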
Q1 2025 Update
The PTZOptics team was alerted by VulnCheck, Inc. to three potential security vulnerabilities in the firmware of our G2 30x SDI/NDI camera, as noted in Common Vulnerabilities and Exposures reports CVE-2024-8956 and CVE-2024-8957. The identified vulnerabilities, when used in combination with each other, could potentially allow unauthorized access to sensitive information and control over the cameras. The PTZOptics team tested these vulnerabilities against every PTZOptics device, and we patched all those affected.
The Vulnerabilities Identified
- Insufficient Authentication – Some API routes in our cameras were not protected by authentication, potentially exposing network and login information.
- Remote File Write – Certain API commands allowed direct modification of files on the camera, posing a risk of unauthorized changes to the camera’s operating files.
- Remote Code Execution – A flaw in the Network Time Protocol configuration API allowed unauthorized users to run applications on the camera, potentially compromising the entire file system.
Our Response
Product | Previous Firmware | CVE/PSTI Approved Firmware |
---|---|---|
PT12X-4K-xx-G3 | 0.0.46 | 0.0.58 |
PT20X-4K-xx-G3 | 0.0.73 | 0.0.85 |
PT30X-4K-xx-G3 | 2.0.48 | 2.0.64 |
PT12X-SE-xx-G3 | 9.1.35 | 9.1.43 |
PT20X-SE-xx-G3 | 9.1.26 | 9.1.32 |
PT30X-SE-xx-G3 | 9.1.24 | 9.1.33 |
PT12X-LINK-4K-xx | 0.0.48 | 0.0.63 |
PT20X-LINK-4K-xx | 0.0.75 | 0.0.89 |
PT30X-LINK-4K-xx | 2.0.50 | 2.0.71 |
PT-STUDIOPRO | 9.0.39 | 9.0.41 |
PT12X-STUDIO-4K-xx-G3 | 8.1.82 | 8.1.90 |
PT20X-STUDIO-4K-xx-G3 | 8.1.83 | 8.1.90 |
PT12X-SDI/NDI-xx | 6.3.62 | 6.3.70 |
PT12X-USB-xx | 6.2.81 | 6.2.88 |
PT20X-SDI/NDI-xx | 6.3.22 | 6.3.27 |
PT20X-USB-xx | 6.2.73 | 6.2.81 |
PT30X-SDI/NDI-xx | 6.3.32 | 6.3.43 |
VL Fixed Camera/NDI Fixed Camera | 7.2.83 | 7.2.94 |
12x Fixed Camera/NDI Fixed Camera | 7.2.80 | 7.2.85 |
20x Fixed Camera/NDI Fixed Camera | 7.2.89 | 7.2.94 |
EPTZ Fixed Camera/NDI Fixed Camera | 8.1.83 | 8.1.89 |
HC-EPTZ-NDI | 8.2.08 | 8.2.14 |