CVE-2026-40624
CriticalCVSS 9.8Exploitation Probability (EPSS)
Low risk45th percentile — higher than 45% of all known CVEs
Summary
Improper input validation in AVer PTC500S, PTC115, PTC500+, and PTC115+ cameras may allow a remote, unauthenticated attacker to achieve arbitrary code execution via a specially crafted web request.
Risk Assessment
An attacker could remotely take control of the device, potentially leading to data leakage or disruption of system operations.
Recommendation
It is recommended to update the camera firmware to the latest version and implement appropriate security measures to restrict device access to authorized users.
Original NVD description (English source)
Improper input validation in AVer PTC500S, PTC115, PTC500+, and PTC115+ cameras may allow a remote, unauthenticated attacker to achieve arbitrary code execution via a specially crafted web request.

