Ptc310Uv2 Firmware
Monthly
Sensitive information disclosure in AVer PTC310UV2 professional PTZ tracking camera firmware version 0.1.0000.59 allows a remote, unauthenticated attacker to retrieve confidential data by sending a specially crafted request to the device. The flaw (CWE-200) carries a high CVSS 8.1 and has publicly available exploit code (GitHub weedl/CVE-2025-45620), though it is not listed in CISA KEV and EPSS remains low at 0.96% (57th percentile), indicating no confirmed widespread exploitation yet.
Remote code execution in AVer PTC310UV2 conference camera firmware v.0.1.0000.59 is reachable by unauthenticated network attackers through command injection in the SendAction function. Unsanitized input passed to the SendAction API is processed directly as a system command, enabling full device compromise on any network-accessible unit. A public proof-of-concept exploit exists on GitHub, materially lowering the attack barrier despite a low EPSS exploitation probability of 0.97%; no active exploitation has been confirmed via CISA KEV.
Sensitive information disclosure in AVer PTC310UV2 professional PTZ tracking camera firmware version 0.1.0000.59 allows a remote, unauthenticated attacker to retrieve confidential data by sending a specially crafted request to the device. The flaw (CWE-200) carries a high CVSS 8.1 and has publicly available exploit code (GitHub weedl/CVE-2025-45620), though it is not listed in CISA KEV and EPSS remains low at 0.96% (57th percentile), indicating no confirmed widespread exploitation yet.
Remote code execution in AVer PTC310UV2 conference camera firmware v.0.1.0000.59 is reachable by unauthenticated network attackers through command injection in the SendAction function. Unsanitized input passed to the SendAction API is processed directly as a system command, enabling full device compromise on any network-accessible unit. A public proof-of-concept exploit exists on GitHub, materially lowering the attack barrier despite a low EPSS exploitation probability of 0.97%; no active exploitation has been confirmed via CISA KEV.