CVE-2024-8956 - PTZOptics PT30X-SDI/NDI Cameras Authentication Bypass Vulnerability
Project:PTZOptics
Product:PT30X-SDI/NDI Cameras
Date Added:2024-11-04Due Date:2024-11-25
Vulnerability Name
PTZOptics PT30X-SDI/NDI Cameras Authentication Bypass Vulnerability
Description
PTZOptics PT30X-SDI/NDI cameras contain an insecure direct object reference (IDOR) vulnerability that allows a remote, attacker to bypass authentication for the /cgi-bin/param.cgi CGI script. If combined with CVE-2024-8957, this can lead to remote code execution as root.
Known To Be Used in Ransomware Campaigns?
Unknown
Action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Additional Notes
https://ptzoptics.com/firmware-changelog/
https://nvd.nist.gov/vuln/detail/CVE-2024-8956
Related News Articles
Mirai Botnet Variant Exploits Four-Faith Router Vulnerability for DDoS AttacksJanuary 8, 2025
New Mirai botnet targets industrial routers with zero-day exploitsJanuary 8, 2025