CVE-2026-40624 PUBLISHED

AVer PTC cameras Files or Directories Accessible to External Parties

Assigner: icscert
Reserved: 07.05.2026 Published: 18.06.2026 Updated: 18.06.2026

Improper input validation in AVer PTC500S, PTC115, PTC500+, and PTC115+ cameras may allow a remote, unauthenticated attacker to achieve arbitrary code execution via a specially crafted web request.

Metrics

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CVSS Score: 9.3

Product Status

Vendor: AVer
Product: PTC500S
Versions: Default: unaffected
  • Version * is affected

Vendor: AVer
Product: PTC115
Versions: Default: unaffected
  • Version * is affected

Vendor: AVer
Product: PTC500+
Versions: Default: unaffected
  • Version * is affected

Vendor: AVer
Product: PTC115+
Versions: Default: unaffected
  • Version * is affected

Solutions

AVer has provided a firmware fix to address this vulnerability; users can find it at the following location: https://presentation.aver.com/DownloadFile.aspx?n=6617%7C1C01A887-7CDC-4C96-AD9A-11D53DE1AD71&t=ServiceDownload

Credits

  • fj016 reported this vulnerability to CISA. (finder)

Problem Types

  • CWE-552