Insufficient Authentication Vulnerability in PTZOptics PT30X-SDI/NDI-xx Before Firmware 6.3.40

CVE-2024-8956

What is CVE-2024-8956?

CVE-2024-8956 and CVE-2024-8957 are zero-day vulnerabilities in PTZOptics pan-tilt-zoom (PTZ) live streaming cameras, allowing attackers to access sensitive data, execute remote code, and take over the camera. The vulnerabilities impact NDI-enabled cameras based on Hisilicon Hi3516A V600 SoC V60, V61, and V63, running VHD PTZ camera firmware versions older than 6.3.40. PTZOptics released a security update for some models but has not fixed others, leaving a broad range of devices potentially affected. The exploitation of these flaws could lead to complete camera takeover, infection with bots, pivoting to other devices connected to the same network, or disruption of video feeds. No known exploitation by ransomware groups has been reported at this time.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch →

News Articles

CyberSecurityNews

CVE-2024-8957CVE-2024-8956

CISA Warns of PTZOptics Cameras Vulnerability Exploited to Escalate Privileges

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning about critical vulnerabilities identified in PTZOptics PT30X-SDI/NDI cameras.

Security Affairs

CVE-2024-8956CVE-2024-8957

PTZOptics cameras zero-days actively exploited in the wild

Hackers are exploiting two zero-day vulnerabilities, tracked as CVE-2024-8956 and CVE-2024-8957, in PTZOptics cameras.

SecurityWeek

CVE-2024-8956

GreyNoise Credits AI for Spotting Exploit Attempts on IoT Livestream Cams

GreyNoise Intelligence says an internal AI tool captured attempts to exploit critical vulnerabilities in commercial livestream IoT cameras.

More News...

References