AVer PTC310UV2 CVE-2025-45619
MEDIUMSeverity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Arbitrary code execution on embedded firmware implies full device compromise; C:H/I:H/A:H is warranted - the official C:L/I:L/A:N appears inconsistent with the stated impact.
Primary rating from Vendor (mitre).
CVSS VectorVendor: mitre
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Lifecycle Timeline
1DescriptionCVE.org
An issue in Aver PTC310UV2 firmware v.0.1.0000.59 allows a remote attacker to execute arbitrary code via the SendAction function
AnalysisAI
Remote code execution in AVer PTC310UV2 conference camera firmware v.0.1.0000.59 is reachable by unauthenticated network attackers through command injection in the SendAction function. Unsanitized input passed to the SendAction API is processed directly as a system command, enabling full device compromise on any network-accessible unit. A public proof-of-concept exploit exists on GitHub, materially lowering the attack barrier despite a low EPSS exploitation probability of 0.97%; no active exploitation has been confirmed via CISA KEV.
Technical ContextAI
The affected product is the AVer PTC310UV2 PTZ (Pan-Tilt-Zoom) conference camera running firmware version 0.1.0000.59, identified by CPE cpe:2.3:o:averusa:ptc310uv2_firmware:0.1.0000.59:*:*:*:*:*:*:*. The root cause is CWE-77 (Improper Neutralization of Special Elements used in a Command - command injection). The SendAction function, likely part of an HTTP-based device management or camera control API exposed by the firmware, fails to sanitize attacker-supplied input before passing it to an underlying OS command interpreter. This is a classic embedded firmware vulnerability class: developers often build control APIs in resource-constrained environments and omit input validation, allowing shell metacharacters such as semicolons, pipes, or backticks to break out of the intended command context and execute arbitrary attacker-controlled instructions.
RemediationAI
No vendor-released patch has been identified at the time of analysis; organizations should monitor AVer's product page at http://ptc310uv2.com for firmware updates and apply any release that addresses this CVE immediately. As compensating controls, place all AVer PTC310UV2 cameras on isolated VLANs with strict ACLs that block access from untrusted networks and the public internet - this directly addresses the network-vector (AV:N) exploitation path without affecting local camera operation. Restrict access to the camera's management interface and the SendAction API endpoint to dedicated AV management subnets only; note this may interrupt control plane functionality if management tooling operates from general corporate subnets. Audit current firewall rules and NAT configurations to confirm no PTC310UV2 management ports are internet-exposed, as this is a common misconfiguration in conference room deployments.
More in Ptc310Uv2 Firmware
View allSame weakness CWE-77 – Command Injection
View allSame technique Command Injection
View allShare
External POC / Exploit Code
Leaving vuln.today