Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Web request to networked camera with no auth or interaction (AV:N/AC:L/PR:N/UI:N); arbitrary code execution yields full C/I/A impact on the device.
Primary rating from Vendor (icscert).
CVSS Vector (Vendor: icscert)
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description (CVE.org)
Improper input validation in AVer PTC500S, PTC115, PTC500+, and PTC115+ cameras may allow a remote, unauthenticated attacker to achieve arbitrary code execution via a specially crafted web request.
Analysis (AI)
Remote code execution in AVer PTC500S, PTC115, PTC500+, and PTC115+ cameras allows unauthenticated attackers to run arbitrary code by sending a specially crafted web request to the device's HTTP interface. The flaw was reported through CISA's ICS-CERT coordination process and carries a CVSS 4.0 base score of 9.3, but there is no public exploit identified at time of analysis and the CVE is not on the CISA KEV list.
Vulnerability Assessment (AI)
| Aspect | Assessment |
|---|---|
| Exploitation | Exploitation requires only network reachability to the HTTP management interface of an AVer PTC500S, PTC115, PTC500+, or PTC115+ camera and the ability to send a crafted web request; no authentication, user interaction, or non-default configuration is required (CVSS PR:N/UI:N/AC:L). … |
| Risk Assessment | All signals point to this being a real, high-priority issue rather than an inflated CVSS score: the CVSS 4.0 vector AV:N/AC:L/AT:N/PR:N/UI:N with VC:H/VI:H/VA:H describes a fully remote, unauthenticated, low-complexity attack yielding full compromise of the vulnerable camera, and CWE-552 plus the Path Traversal/RCE tags are consistent with that. … |
| Exploit Scenario | An attacker who can reach the camera's web interface - for example, an internal user, a compromised endpoint on the same VLAN, or any host on the internet if the camera is exposed - sends a single crafted HTTP request that abuses the input-validation flaw (consistent with CWE-552 path handling) to write or invoke arbitrary code on the device. Because authentication is not required and complexity is low, this can be scripted at scale once details emerge; no public exploit identified at time of analysis, but path-traversal-to-RCE patterns in IoT cameras are typically straightforward to weaponize. … |
| Remediation | No vendor-released patch version is identified in the available input data; defenders should consult the CISA advisory ICSA-26-169-01 (https://www.cisa.gov/news-events/ics-advisories/icsa-26-169-01) and the corresponding CSAF document for the latest AVer firmware update and apply it as soon as it is published. … |
Recommended Action (AI)
WITHIN 24 HOURS: Conduct complete inventory of all AVer PTC500S, PTC115, PTC500+, and PTC115+ cameras in production; assess network exposure and criticality; isolate high-risk deployments from untrusted network segments. …
EUVD-2026-37972
GHSA-pg6m-mhv8-fpmp