CVE Catalog

CVE-2026-40624

CriticalCVSS 9.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.62%

45th percentile — higher than 45% of all known CVEs

Summary

Improper input validation in AVer PTC500S, PTC115, PTC500+, and PTC115+ cameras may allow a remote, unauthenticated attacker to achieve arbitrary code execution via a specially crafted web request.

Risk Assessment

An attacker could remotely take control of the device, potentially leading to data leakage or disruption of system operations.

Recommendation

It is recommended to update the camera firmware to the latest version and implement appropriate security measures to restrict device access to authorized users.

Original NVD description (English source)

Improper input validation in AVer PTC500S, PTC115, PTC500+, and PTC115+ cameras may allow a remote, unauthenticated attacker to achieve arbitrary code execution via a specially crafted web request.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS