‹ Back to ICS Advisories

AVer PTC cameras

CRITICAL

CVSS 9.8

Date 2026-06-18T06:00:00+00:00

Source cisa-csaf

Published by CISA

// Description

Successful exploitation of this vulnerability could allow arbitrary code execution.

// Vulnerabilities (1)

CVE ID	CVSS Score	Severity	Description
CVE-2026-40624	9.8	critical	Improper input validation in AVer PTC500S, PTC115, PTC500+, and PTC115+ cameras may allow a remote, unauthenticated attacker to achieve arbitrary code execution via a specially crafted web request.

// Remediations (1)

Mitigation: AVer has provided a firmware fix to address this vulnerability; users can find it at the following l

AVer has provided a firmware fix to address this vulnerability; users can find it at the following location: (https://presentation.aver.com/DownloadFile.aspx?n=6617|1C01A887-7CDC-4C96-AD9A-11D53DE1AD71&t=ServiceDownload).

// References

CISA ICSA-26-169-01
CISA https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2026/icsa-26-169-01.json
CISA https://www.cisa.gov/news-events/ics-advisories/icsa-26-169-01
CISA https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01
CISA https://www.cisa.gov/resources-tools/resources/ics-recommended-practices
CISA https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf
CISA https://www.cisa.gov/topics/industrial-control-systems
CISA https://www.cisa.gov/uscert/sites/default/files/publications/emailscams0905.pdf
CISA https://www.cisa.gov/uscert/ncas/tips/ST04-014
CISA https://www.cisa.gov/news-events/ics-alerts/ics-alert-10-301-01
CISA https://www.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf
CISA https://www.cisa.gov/news-events/news/targeted-cyber-intrusion-detection-and-mitigation-strategies-update-b
CISA https://www.cisa.gov/secure-our-world/teach-employees-avoid-phishing
CISA https://www.cisa.gov/news-events/news/avoiding-social-engineering-and-phishing-attacks