How is CVE-2026-40624 exploited?

Network reachability (required): The attacker must be able to reach the camera's web interface over the network; there is no requirement for adjacent-network or physical access. Authentication (not-required): No account or credential of any privilege level is needed to send the malicious request. Victim interaction (not-required): The attacker acts entirely on their own; no user on the target device needs to click a link or take any action. Attack complexity (info): Exploitation is reliable and condition-free, with no race conditions, memory-layout dependencies, or other environmental factors required.

What is the impact of CVE-2026-40624?

The attacker gains arbitrary code execution on the camera device, enabling full control of its firmware environment. Confidential data stored or processed on the device, such as video streams, credentials, and configuration secrets, is exposed to the attacker. The attacker can modify device configuration, disable the camera, or pivot to other network segments reachable from the device. Camera availability can be disrupted entirely, taking the device offline or rendering its video feed unusable.

Back to search

CRITICALCVE-2026-40624Published 2026-06-18Modified 2026-06-18CNA icscert

CVE-2026-40624: AVer PTC cameras Files or Directories Accessible to External Parties

Improper input validation in AVer PTC500S, PTC115, PTC500+, and PTC115+ cameras may allow a remote, unauthenticated attacker to achieve arbitrary code execution via a specially crafted web request.

CVSS v4.0: 9.3
Severity: CRITICAL
Fixed in: —
Affected Products: 4

HarborGuard Analysis

Synopsis

An improper input validation vulnerability affects AVer PTC500S, PTC115, PTC500+, and PTC115+ network cameras, reachable over the network without any authentication. A remote attacker can send a specially crafted web request to exploit the flaw. Successful exploitation gives the attacker arbitrary code execution on the affected device. HarborGuard is tracking this advisory and will make a patched-image rebuild available the moment an upstream fix is published.

HarborGuard Coverage

Detection

Detection for CVE-2026-40624 is available across every HarborGuard environment: the CVE is ingested from upstream feeds, including ICS-CERT advisories, within minutes of publication and matched against customer images in connected registries and CI/CD pipelines, covering both vendor-supplied and custom-built images that include affected AVer camera firmware or management layers.

Available

Triage

HarborGuard scores this CVE at 9.3 Critical using the CVSS v4.0 vector and is capable of weighting that score against each customer environment's compliance policy to reflect actual exposure. Findings are routed to the appropriate team inbox within each customer organization based on configured ownership rules.

Available

Patch

No fix version has been published by AVer for any affected PTC camera model. HarborGuard re-checks the advisory on every ingest cycle and will make a patched-image rebuild available automatically the moment an upstream fix is released; for customers with auto-remediation enabled, the rebuild, regression run, and PR against affected workloads will follow without manual intervention.

Pending upstream

Exploit Conditions

Network reachabilityRequired
The attacker must be able to reach the camera's web interface over the network; there is no requirement for adjacent-network or physical access.
AuthenticationNot required
No account or credential of any privilege level is needed to send the malicious request.
Victim interactionNot required
The attacker acts entirely on their own; no user on the target device needs to click a link or take any action.
Attack complexityDetail
Exploitation is reliable and condition-free, with no race conditions, memory-layout dependencies, or other environmental factors required.

Blast Radius

The attacker gains arbitrary code execution on the camera device, enabling full control of its firmware environment.
Confidential data stored or processed on the device, such as video streams, credentials, and configuration secrets, is exposed to the attacker.
The attacker can modify device configuration, disable the camera, or pivot to other network segments reachable from the device.
Camera availability can be disrupted entirely, taking the device offline or rendering its video feed unusable.

How HarborGuard Handles This

Available on HarborGuard: because no upstream fix exists for any affected AVer PTC camera model, HarborGuard continuously monitors the ICS-CERT advisory on every ingest cycle and will trigger a patched-image rebuild automatically the moment AVer publishes a fix. For customers with auto-remediation enabled, that rebuild will be followed immediately by a regression run and a PR opened against affected workloads, with no manual steps required. In the interim, compensating controls are available to reduce exposure: network-policy rules can be applied to restrict inbound access to camera management interfaces to trusted source addresses only; egress filtering can limit lateral movement from a compromised device; and where the web management interface is not operationally required, feature-flag or firewall-level gating can disable external access to the affected endpoint entirely. Given the Critical severity and zero-authentication exploit path, HarborGuard recommends applying network isolation controls immediately while awaiting an upstream patch.

See how HarborGuard automates this

Affected packages

AVer / PTC500S
*
AVer / PTC115
*
AVer / PTC500+
*
AVer / PTC115+
*

CVSS Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

References

Metrics

Get notified