We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2024-8957

PTZOptics NDI and SDI Cameras Command Injection via NTP Address Configuration



AssignerVulnCheck
Reserved2024-09-17
Published2024-09-17
Updated2024-11-04

Description

PTZOptics PT30X-SDI/NDI-xx before firmware 6.3.40 is vulnerable to an OS command injection issue. The camera does not sufficiently validate the ntp_addr configuration value which may lead to arbitrary command execution when ntp_client is started. When chained with CVE-2024-8956, a remote and unauthenticated attacker can execute arbitrary OS commands on affected devices.



HIGH: 7.2CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CISA Known Exploited Vulnerability

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Product status

Default status
unaffected

Any version before 6.3.40
affected

Default status
unaffected

Any version before 6.3.40
affected

Credits

Konstantin Lazarev of GreyNoise finder

References

https://ptzoptics.com/firmware-changelog/ vendor-advisory

https://vulncheck.com/advisories/ptzoptics-command-injection third-party-advisory

cve.org CVE-2024-8957

nvd.nist.gov CVE-2024-8957

Download JSON

Share this page
https://cve.threatint.com
Subscribe to our newsletter to learn more about our work.

© Copyright 2024 THREATINT
Made in Cyprus with +
 System status
Find us on
Data Privacy
Terms of Use
Logo BSI Allianz für Cyber-Sicherheit
Error loading Crisp.chat. Please check your web content filter and browser plugins.