Description

PTZOptics PT30X-SDI/NDI-xx before firmware 6.3.40 is vulnerable to an OS command injection issue. The camera does not sufficiently validate the ntp_addr configuration value which may lead to arbitrary command execution when ntp_client is started. When chained with CVE-2024-8956, a remote and unauthenticated attacker can execute arbitrary OS commands on affected devices.

INFO

Published Date :

2024-09-17T20:08:25.588Z

Last Modified :

2025-12-27T16:47:39.385Z

Source :

VulnCheck
AFFECTED PRODUCTS

The following products are affected by CVE-2024-8957 vulnerability.

Vendors Products
Ptzoptics
  • Pt30x-ndi-xx-g2
  • Pt30x-ndi-xx-g2 Firmware
  • Pt30x-ndi Firmware
  • Pt30x-sdi
  • Pt30x-sdi Firmware
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-8957.

URL Resource
https://ptzoptics.com/firmware-changelog/ cve-icon cve-icon
https://vulncheck.com/advisories/ptzoptics-command-injection cve-icon cve-icon
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-8957 cve-icon cve-icon
https://www.greynoise.io/blog/greynoise-intelligence-discovers-zero-day-vulnerabilities-in-live-streaming-cameras-with-the-help-of-ai cve-icon cve-icon
https://www.labs.greynoise.io/grimoire/2024-10-31-sift-0-day-rce/ cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact