Overview
- Description
- PTZOptics PT30X-SDI/NDI-xx before firmware 6.3.40 is vulnerable to an OS command injection issue. The camera does not sufficiently validate the ntp_addr configuration value which may lead to arbitrary command execution when ntp_client is started. When chained with CVE-2024-8956, a remote and unauthenticated attacker can execute arbitrary OS commands on affected devices.
- Source
- disclosure@vulncheck.com
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
Known exploits
Data from CISA
- Vulnerability name
- PTZOptics PT30X-SDI/NDI Cameras OS Command Injection Vulnerability
- Exploit added on
- Nov 4, 2024
- Exploit action due
- Nov 25, 2024
- Required action
- Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Social media
- Hype score
- Not currently trending
Actively exploited CVE : CVE-2024-8957
@transilienceai
11 Nov 2024
9 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-8956 is getting exploited #inthewild. Find out more at https://t.co/dj4ogY4kpa CVE-2024-8957 is getting exploited #inthewild. Find out more at https://t.co/bTKhPPhe5Y
@inthewildio
6 Nov 2024
46 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#DOYOUKNOWCVE Two critical vulnerabilities CVE-2024-8956 & CVE-2024-8957 are impacting PTZ Optics (pan-tilt-zoom) cameras, particularly in the PTZOptics PT30X-SDI/NDI models. These vulnerabilities are actively exploited in the wild. CVE-2024-8956 - This vulnerability arises
@Loginsoft_Inc
6 Nov 2024
53 Impressions
2 Retweets
4 Likes
0 Bookmarks
0 Replies
0 Quotes
#DOYOUKNOWCVE Two critical vulnerabilities CVE-2024-8956 & CVE-2024-8957 are impacting PTZ Optics (pan-tilt-zoom) cameras, particularly in the PTZOptics PT30X-SDI/NDI models. These vulnerabilities are actively exploited in the wild. CVE-2024-8956 - This vulnerability arises
@Loginsoft_Inc
6 Nov 2024
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA adds PTZOptics flaws to its KEV Catalog #CISAKEV #PTZOptics #CVE-2024-8956 #CVE-2024-8957 https://t.co/Oo7L9CbnWK
@pravin_karthik
5 Nov 2024
28 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Latest Known Exploited Vulnerabilities (#KEV) : #CVE-2024-8957 #PTZOptics PT30X-SDI/NDI Cameras OS Command Injection Vulnerability https://t.co/ck251pF1V3
@ScyScan
4 Nov 2024
23 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🛡️ We added #PTZOptics PT30X-SDI/NDI camera vulnerabilities, CVE-2024-8956 & CVE-2024-8957 to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/myxOwap1Tf & apply mitigations to protect your org from cyberattacks. #Cybersecurity #InfoSec https://t.co/b70jkr
@CISACyber
4 Nov 2024
6218 Impressions
25 Retweets
39 Likes
5 Bookmarks
1 Reply
5 Quotes
Alert 🚨 - CVE-2024-8956 (CVSS 9.1) - CVE-2024-8957 (CVSS 7.2) PTZOptics device firmware before 6.3.40 is vulnerable an authorization flaw leading to an RCE. The vulnerability is actively exploited in the wild and has been integrated into Patrowl.🦉 Image: GreyNoise https://t.
@Patrowl_io
4 Nov 2024
72 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-8956 & CVE-2024-8957: Two Actively Exploited Vulnerabilities in PTZ Cameras https://t.co/TZ9xUNpqFs
@Dinosn
4 Nov 2024
2108 Impressions
8 Retweets
14 Likes
6 Bookmarks
0 Replies
1 Quote
PTZOptics cameras zero-days actively exploited in the wild. Hackers are exploiting two zero-day vulnerabilities, tracked as CVE-2024-8956 and CVE-2024-8957, in PTZOptics cameras ⬇️⬇️⬇️⬇️⬇️ https://t.co/5rGTRhA2Pg
@ciberconsejo
2 Nov 2024
107 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
PTZOptics cameras zero-days actively exploited in the wild https://t.co/3k5MtloR53 Hackers are exploiting two zero-day vulnerabilities, tracked as CVE-2024-8956 and CVE-2024-8957, in PTZOptics cameras. Threat actors are attempting to exploit two zero-day vulnerabilities, tra…
@f1tym1
2 Nov 2024
30 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
PTZOptics cameras zero-days actively exploited in the wild: Hackers are exploiting two zero-day vulnerabilities, tracked as CVE-2024-8956 and CVE-2024-8957, in PTZOptics cameras. Threat actors are attempting to exploit two zero-day vulnerabilities,… https://t.co/kHLLhpKp1P https:
@shah_sheikh
2 Nov 2024
34 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Hackers target critical zero-day vulnerability in PTZ cameras: https://t.co/nVRboehsZI Hackers are exploiting two zero-day vulnerabilities in PTZOptics cameras: CVE-2024-8956, a weak authentication issue allowing unauthorized access to the CGI API, and CVE-2024-8957, which… http
@securityRSS
1 Nov 2024
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
برای دوربین های PTZ دو آسیب پذیری با کدهای شناسایی CVE-2024-8956 و CVE-2024-8957 منتشر شده است. هکرها می توانند با استفاده از آسیب پذیری اول username و هش پسورد دوربین و کانفیگ شبکه را بدست آورند. با استفاده از آسیب پذیری دوم ، امکان اجرای کد وجود دارد. https://t.co/Y2P1U3epiq ht
@AmirHossein_sec
1 Nov 2024
18 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-8956, CVE-2024-8957: How to Steal a 0-Day RCE (With a Little Help from an LLM): https://t.co/QerRdMNEFQ https://t.co/xujqZL4zk7
@shellblues
31 Oct 2024
12103 Impressions
15 Retweets
35 Likes
15 Bookmarks
1 Reply
3 Quotes
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ptzoptics:pt30x-sdi_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "604C6EEF-4273-4366-AFF2-86C3183F545D",
"versionEndExcluding": "6.3.40"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ptzoptics:pt30x-sdi:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "7462D89D-2105-417F-AB0E-D23C288156C8"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ptzoptics:pt30x-ndi-xx-g2_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B410E242-DFEE-449D-9687-6F4D0BEB8F63",
"versionEndExcluding": "6.3.40"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ptzoptics:pt30x-ndi-xx-g2:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "C8F75E95-D59D-45D4-B798-D0493642F53E"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]