Skip to main content

AVer PTC310UV2 CVE-2025-45619

MEDIUM
Command Injection (CWE-77)
2025-07-30 cve@mitre.org
6.5
CVSS 3.1 · Vendor: mitre
Share

Severity by source

Vendor (mitre) PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
vuln.today AI
9.8 CRITICAL

Arbitrary code execution on embedded firmware implies full device compromise; C:H/I:H/A:H is warranted - the official C:L/I:L/A:N appears inconsistent with the stated impact.

3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (mitre).

CVSS VectorVendor: mitre

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

1
Analysis Generated
Jul 05, 2026 - 03:56 vuln.today

DescriptionCVE.org

An issue in Aver PTC310UV2 firmware v.0.1.0000.59 allows a remote attacker to execute arbitrary code via the SendAction function

AnalysisAI

Remote code execution in AVer PTC310UV2 conference camera firmware v.0.1.0000.59 is reachable by unauthenticated network attackers through command injection in the SendAction function. Unsanitized input passed to the SendAction API is processed directly as a system command, enabling full device compromise on any network-accessible unit. A public proof-of-concept exploit exists on GitHub, materially lowering the attack barrier despite a low EPSS exploitation probability of 0.97%; no active exploitation has been confirmed via CISA KEV.

Technical ContextAI

The affected product is the AVer PTC310UV2 PTZ (Pan-Tilt-Zoom) conference camera running firmware version 0.1.0000.59, identified by CPE cpe:2.3:o:averusa:ptc310uv2_firmware:0.1.0000.59:*:*:*:*:*:*:*. The root cause is CWE-77 (Improper Neutralization of Special Elements used in a Command - command injection). The SendAction function, likely part of an HTTP-based device management or camera control API exposed by the firmware, fails to sanitize attacker-supplied input before passing it to an underlying OS command interpreter. This is a classic embedded firmware vulnerability class: developers often build control APIs in resource-constrained environments and omit input validation, allowing shell metacharacters such as semicolons, pipes, or backticks to break out of the intended command context and execute arbitrary attacker-controlled instructions.

RemediationAI

No vendor-released patch has been identified at the time of analysis; organizations should monitor AVer's product page at http://ptc310uv2.com for firmware updates and apply any release that addresses this CVE immediately. As compensating controls, place all AVer PTC310UV2 cameras on isolated VLANs with strict ACLs that block access from untrusted networks and the public internet - this directly addresses the network-vector (AV:N) exploitation path without affecting local camera operation. Restrict access to the camera's management interface and the SendAction API endpoint to dedicated AV management subnets only; note this may interrupt control plane functionality if management tooling operates from general corporate subnets. Audit current firewall rules and NAT configurations to confirm no PTC310UV2 management ports are internet-exposed, as this is a common misconfiguration in conference room deployments.

Share

CVE-2025-45619 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy