Description

PTZOptics PT30X-SDI/NDI-xx before firmware 6.3.40 is vulnerable to an insufficient authentication issue. The camera does not properly enforce authentication to /cgi-bin/param.cgi when requests are sent without an HTTP Authorization header. The result is a remote and unauthenticated attacker can leak sensitive data such as usernames, password hashes, and configurations details. Additionally, the attacker can update individual configuration values or overwrite the whole file.

INFO

Published Date :

2024-09-17T19:59:27.205Z

Last Modified :

2025-11-22T12:09:58.681Z

Source :

VulnCheck
AFFECTED PRODUCTS

The following products are affected by CVE-2024-8956 vulnerability.

Vendors Products
Ptzoptics
  • Pt30x-ndi-xx-g2
  • Pt30x-ndi-xx-g2 Firmware
  • Pt30x-sdi
  • Pt30x-sdi Firmware
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-8956.

URL Resource
https://ptzoptics.com/firmware-changelog/ cve-icon cve-icon
https://vulncheck.com/advisories/ptzoptics-insufficient-auth cve-icon cve-icon
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-8956 cve-icon cve-icon
https://www.greynoise.io/blog/greynoise-intelligence-discovers-zero-day-vulnerabilities-in-live-streaming-cameras-with-the-help-of-ai cve-icon cve-icon
https://www.labs.greynoise.io/grimoire/2024-10-31-sift-0-day-rce/ cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact