Overview
- Description
- PTZOptics PT30X-SDI/NDI-xx before firmware 6.3.40 is vulnerable to an insufficient authentication issue. The camera does not properly enforce authentication to /cgi-bin/param.cgi when requests are sent without an HTTP Authorization header. As a result, a remote, unauthenticated attacker can leak sensitive data such as usernames, password hashes, and configuration details. Additionally, the attacker can update individual configuration values or overwrite the whole file.
- Source
- disclosure@vulncheck.com
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 9.1
- Impact score
- 5.2
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
- Severity
- CRITICAL
Known exploits
Data from CISA
- Vulnerability name
- PTZOptics PT30X-SDI/NDI Cameras Authentication Bypass Vulnerability
- Exploit added on
- Nov 4, 2024
- Exploit action due
- Nov 25, 2024
- Required action
- Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Social media
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
- 1
Actively exploited CVE : CVE-2024-8956
@transilienceai
14 Nov 2024
8 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2024-8956
@transilienceai
12 Nov 2024
23 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
CVE-2024-8956 is getting exploited #inthewild. Find out more at https://t.co/dj4ogY4kpa CVE-2024-8957 is getting exploited #inthewild. Find out more at https://t.co/bTKhPPhe5Y
@inthewildio
6 Nov 2024
46 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#DOYOUKNOWCVE Two critical vulnerabilities CVE-2024-8956 & CVE-2024-8957 are impacting PTZ Optics (pan-tilt-zoom) cameras, particularly in the PTZOptics PT30X-SDI/NDI models. These vulnerabilities are actively exploited in the wild. CVE-2024-8956 - This vulnerability arises
@Loginsoft_Inc
6 Nov 2024
53 Impressions
2 Retweets
4 Likes
0 Bookmarks
0 Replies
0 Quotes
#DOYOUKNOWCVE Two critical vulnerabilities CVE-2024-8956 & CVE-2024-8957 are impacting PTZ Optics (pan-tilt-zoom) cameras, particularly in the PTZOptics PT30X-SDI/NDI models. These vulnerabilities are actively exploited in the wild. CVE-2024-8956 - This vulnerability arises
@Loginsoft_Inc
6 Nov 2024
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA adds PTZOptics flaws to its KEV Catalog #CISAKEV #PTZOptics #CVE-2024-8956 #CVE-2024-8957 https://t.co/Oo7L9CbnWK
@pravin_karthik
5 Nov 2024
28 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Latest Known Exploited Vulnerabilities (#KEV) : #CVE-2024-8956 #PTZOptics PT30X-SDI/NDI Cameras Authentication Bypass Vulnerability https://t.co/dk79claMNE
@ScyScan
4 Nov 2024
25 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🛡️ We added #PTZOptics PT30X-SDI/NDI camera vulnerabilities, CVE-2024-8956 & CVE-2024-8957 to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/myxOwap1Tf & apply mitigations to protect your org from cyberattacks. #Cybersecurity #InfoSec https://t.co/b70jkr
@CISACyber
4 Nov 2024
6218 Impressions
25 Retweets
39 Likes
5 Bookmarks
1 Reply
5 Quotes
Alert 🚨 - CVE-2024-8956 (CVSS 9.1) - CVE-2024-8957 (CVSS 7.2) PTZOptics device firmware before 6.3.40 is vulnerable to an authorization flaw leading to an RCE. The vulnerability is actively exploited in the wild and has been integrated into Patrowl.🦉 Image: GreyNoise https://t.
@Patrowl_io
4 Nov 2024
72 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-8956 & CVE-2024-8957: Two Actively Exploited Vulnerabilities in PTZ Cameras https://t.co/TZ9xUNpqFs
@Dinosn
4 Nov 2024
2108 Impressions
8 Retweets
14 Likes
6 Bookmarks
0 Replies
1 Quote
🚨CVE Alert: PTZOptics Cameras Improper Authentication Vulnerability Exploited In-the-Wild🚨 Vulnerability Details: CVE-2024-8956 (CVSS 9.1/10) PTZOptics NDI and SDI Cameras Improper Authentication Vulnerability Impact A successful exploit allows an attacker to access sensitive…
@CyberxtronTech
4 Nov 2024
55 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
PTZOptics cameras zero-days actively exploited in the wild. Hackers are exploiting two zero-day vulnerabilities, tracked as CVE-2024-8956 and CVE-2024-8957, in PTZOptics cameras ⬇️⬇️⬇️⬇️⬇️ https://t.co/5rGTRhA2Pg
@ciberconsejo
2 Nov 2024
107 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
PTZOptics cameras zero-days actively exploited in the wild https://t.co/3k5MtloR53 Hackers are exploiting two zero-day vulnerabilities, tracked as CVE-2024-8956 and CVE-2024-8957, in PTZOptics cameras. Threat actors are attempting to exploit two zero-day vulnerabilities, tra…
@f1tym1
2 Nov 2024
30 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
PTZOptics cameras zero-days actively exploited in the wild: Hackers are exploiting two zero-day vulnerabilities, tracked as CVE-2024-8956 and CVE-2024-8957, in PTZOptics cameras. Threat actors are attempting to exploit two zero-day vulnerabilities,… https://t.co/kHLLhpKp1P https:
@shah_sheikh
2 Nov 2024
34 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Hackers target critical zero-day vulnerability in PTZ cameras: https://t.co/nVRboehsZI Hackers are exploiting two zero-day vulnerabilities in PTZOptics cameras: CVE-2024-8956, a weak authentication issue allowing unauthorized access to the CGI API, and CVE-2024-8957, which… http
@securityRSS
1 Nov 2024
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Two vulnerabilities, identified as CVE-2024-8956 and CVE-2024-8957, have been published for PTZ cameras. Using the first vulnerability, hackers can obtain the camera's username and password hash and the network configuration. Using the second vulnerability, code execution is possible. https://t.co/Y2P1U3epiq ht
@AmirHossein_sec
1 Nov 2024
18 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Critical security vulnerability in ptzoptics cameras bypasses authentication https://t.co/7oZN2fgYx6 #PTZOptics CVE-2024-8956 #Firmware Update Security vulnerability #Authentication problem PTZOptics #CVE-2024-8956 Vulnerability #PTZOptics Camera Security #Trending #Tech #News
@TrendingNewsBot
1 Nov 2024
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Major security vulnerability discovered in ptzoptics camera firmware https://t.co/FdXuqE3Vae #CVE-2024-8956 #PTZOptics vulnerability #firmware update #camera security vulnerability #sensitive data protection #Trending #Tech #News
@TrendingNewsBot
1 Nov 2024
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Critical security flaw discovered in ptzoptics camera firmware https://t.co/ZyowEwuuy1 #CVE-2024-8956 #PTZOptics Firmware Update #PT30X-SDI/NDI Security flaw #Insufficient Authentication #Sensitive Data Leak #Trending #Tech #News
@TrendingNewsBot
1 Nov 2024
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️ Alert: Hackers Exploiting Zero-Day Flaws in PTZ Cameras ⚠️ Hackers are targeting two zero-day vulnerabilities in PTZOptics cameras, used across critical sectors including healthcare, government, and industrial settings. Here’s a breakdown of the CVEs: CVE-2024-8956: Weak… h
@Ransom_DB
1 Nov 2024
40 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-8956, CVE-2024-8957: How to Steal a 0-Day RCE (With a Little Help from an LLM): https://t.co/QerRdMNEFQ https://t.co/xujqZL4zk7
@shellblues
31 Oct 2024
12103 Impressions
15 Retweets
35 Likes
15 Bookmarks
1 Reply
3 Quotes
Configurations
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:ptzoptics:pt30x-sdi_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "604C6EEF-4273-4366-AFF2-86C3183F545D",
            "versionEndExcluding": "6.3.40"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:ptzoptics:pt30x-sdi:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "7462D89D-2105-417F-AB0E-D23C288156C8"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:ptzoptics:pt30x-ndi-xx-g2_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B410E242-DFEE-449D-9687-6F4D0BEB8F63",
            "versionEndExcluding": "6.3.40"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:ptzoptics:pt30x-ndi-xx-g2:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "C8F75E95-D59D-45D4-B798-D0493642F53E"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]