Skip to main content

Ptc310Uv2 Firmware

2 CVEs product

Monthly

CVE-2025-45620 HIGH POC This Week

Sensitive information disclosure in AVer PTC310UV2 professional PTZ tracking camera firmware version 0.1.0000.59 allows a remote, unauthenticated attacker to retrieve confidential data by sending a specially crafted request to the device. The flaw (CWE-200) carries a high CVSS 8.1 and has publicly available exploit code (GitHub weedl/CVE-2025-45620), though it is not listed in CISA KEV and EPSS remains low at 0.96% (57th percentile), indicating no confirmed widespread exploitation yet.

Information Disclosure Ptc310Uv2 Firmware
NVD GitHub
CVSS 3.1
8.1
EPSS
1.0%
CVE-2025-45619 MEDIUM POC This Month

Remote code execution in AVer PTC310UV2 conference camera firmware v.0.1.0000.59 is reachable by unauthenticated network attackers through command injection in the SendAction function. Unsanitized input passed to the SendAction API is processed directly as a system command, enabling full device compromise on any network-accessible unit. A public proof-of-concept exploit exists on GitHub, materially lowering the attack barrier despite a low EPSS exploitation probability of 0.97%; no active exploitation has been confirmed via CISA KEV.

Command Injection RCE Ptc310Uv2 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
1.0%
EPSS 1% CVSS 8.1
HIGH POC This Week

Sensitive information disclosure in AVer PTC310UV2 professional PTZ tracking camera firmware version 0.1.0000.59 allows a remote, unauthenticated attacker to retrieve confidential data by sending a specially crafted request to the device. The flaw (CWE-200) carries a high CVSS 8.1 and has publicly available exploit code (GitHub weedl/CVE-2025-45620), though it is not listed in CISA KEV and EPSS remains low at 0.96% (57th percentile), indicating no confirmed widespread exploitation yet.

Information Disclosure Ptc310Uv2 Firmware
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC This Month

Remote code execution in AVer PTC310UV2 conference camera firmware v.0.1.0000.59 is reachable by unauthenticated network attackers through command injection in the SendAction function. Unsanitized input passed to the SendAction API is processed directly as a system command, enabling full device compromise on any network-accessible unit. A public proof-of-concept exploit exists on GitHub, materially lowering the attack barrier despite a low EPSS exploitation probability of 0.97%; no active exploitation has been confirmed via CISA KEV.

Command Injection RCE Ptc310Uv2 Firmware
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy