AVer PTC Camera Remote Code Execution Advisory
🔒 AVer PTC500S, PTC115, PTC500+, and PTC115+ cameras contain an input validation flaw that could permit unauthenticated remote arbitrary code execution via a crafted web request. Affected devices are rated CVSS v3 9.8 and relate to CWE-552 Files or Directories Accessible to External Parties. AVer has released firmware to address the issue and CISA advises minimizing network exposure, placing devices behind firewalls, and using secure remote access methods such as updated VPNs.
