CVE-2024-8956
CVSS 3.1 Score 9.1 of 10 (high)
Details
Summary
CVE-2024-8956 is a critical vulnerability in PTZOptics PT30X-SDI and NDI cameras running firmware earlier than version 6.3.40, caused by insufficient authentication on the /cgi-bin/param.cgi endpoint. The flaw allows remote, unauthenticated attackers to access sensitive information such as usernames, password hashes, and configuration details, and to modify or overwrite configuration files. The vulnerability has a CVSS base score of 9.1, indicating high potential impact on confidentiality and integrity with low attack complexity and no required user interaction. To remediate this issue, users are advised to update their camera firmware to version 6.3.40 or later, as specified by PTZOptics' firmware changelog. Organizations using affected camera models must take immediate action to mitigate the risk of unauthorized data access and manipulation.