CVE-2025-45619: Remote Code Execution Vulnerability in Aver PTC310UV2 Firmware

This blog post details a critical security vulnerability identified as CVE-2025-45619, affecting Aver PTC310UV2 cameras. The flaw allows a remote attacker to execute arbitrary code, potentially compromising the device and the network it resides on.

🔍 TL;DR Summary

Aver PTC310UV2 cameras running firmware version 0.1.0000.59 are vulnerable to remote code execution (RCE). By exploiting the SendAction function, an attacker can execute arbitrary commands on the device. This could lead to full system compromise, including access to camera feeds and network infiltration. Immediate patching is highly recommended.

🚨 Vulnerability Details

• CVE ID: CVE-2025-45619
• Description: An issue in Aver PTC310UV2 firmware v.0.1.0000.59 allows a remote attacker to execute arbitrary code via the SendAction function.
• CVSS Score: 6.5 (Medium)
• CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
• CVSS Explanation: This means the vulnerability can be exploited remotely without any user interaction. While it has low impact on confidentiality and integrity, and no impact on availability, it's still a significant risk as it allows for arbitrary code execution.
• Exploit Requirements: Network access to the affected device is required. No authentication is needed by default, making exploitation straightforward.
• Affected Vendor: Aver
• Affected Product: PTC310UV2
• Affected Version: Firmware v.0.1.0000.59
• CWE: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection'). This means the application is not properly sanitizing user-supplied input before passing it to the system's command interpreter, allowing an attacker to inject malicious commands.

📅 Timeline of Events

• 2025-07-30: CVE-2025-45619 publicly disclosed.
• 2025-07-30: Initial vulnerability analysis and blog post creation.
• TBD: Vendor releases patch.

🧠 Exploitability & Real-World Risk

The exploitability of this vulnerability is considered high due to its ease of access and lack of required authentication. In a real-world scenario, an attacker could scan for vulnerable Aver PTC310UV2 cameras on a network and exploit the SendAction function to gain a foothold. Once inside, they could potentially pivot to other systems on the network, steal sensitive data, or disrupt operations. Given the prevalence of these cameras in various environments (e.g., conference rooms, classrooms), the risk is substantial.

🛠️ Recommendations

• Apply the Patch: As soon as Aver releases a patch for this vulnerability, apply it immediately.
• Network Segmentation: Isolate the camera network from the main network to limit the blast radius in case of a successful attack.
• Monitor Network Traffic: Implement network monitoring to detect any suspicious activity originating from the cameras.
• Strong Passwords: Ensure that all accounts on the device have strong, unique passwords. Although this vulnerability doesn't inherently require authentication, good security practices are still important.

🧪 Technical Insight

The vulnerability likely stems from insufficient input validation within the SendAction function. The firmware probably takes user-provided data and directly uses it to construct a system command without proper sanitization. This allows an attacker to inject their own malicious commands, effectively hijacking the device.

🙌 Credit to Researcher(s)

This vulnerability was discovered by weedl. Their GitHub repository provides proof-of-concept exploit code.

🔗 References

• CVE-2025-45619
• Aver Website
• PTC310UV2 Product Page
• weedl's GitHub Repository

🧵 Tags

#CVE-2025-45619 #Aver #PTC310UV2 #RemoteCodeExecution #RCE #FirmwareVulnerability #CommandInjection #SecurityAdvisory

Summary: CVE-2025-45619 is a remote code execution vulnerability in Aver PTC310UV2 cameras running firmware version 0.1.0000.59. The flaw allows an attacker to execute arbitrary commands via the SendAction function, potentially compromising the device and the network.

CVE ID: CVE-2025-45619

Risk Analysis: Successful exploitation can lead to full system compromise, potentially allowing attackers to access camera feeds, control the device, and pivot to other systems on the network. This can have significant privacy and security implications.

Recommendation: Apply the patch as soon as it is released by Aver. Implement network segmentation and monitor network traffic for suspicious activity. Ensure strong passwords are in place.

Timeline

• 2025-07-30: CVE-2025-45619 publicly disclosed.

References

• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-45619
• http://aver.com
• http://ptc310uv2.com
• https://github.com/weedl/CVE-2025-45619