CVE-2024-8957
CVSS 3.1 Score 7.2 of 10 (high)
Details
Summary
CVE-2024-8957 is an OS command injection vulnerability in PTZOptics PT30X-SDI/NDI-xx cameras running firmware earlier than version 6.3.40. The ntp_addr configuration value is not adequately validated, which can lead to arbitrary command execution when the ntp_client is started. When combined with CVE-2024-8956, it allows a remote, unauthenticated attacker to execute commands on the affected devices. The potential impact includes serious threats to the confidentiality, integrity, and availability of the system, and the vulnerability is rated high severity with a CVSS score of 7.2. To remediate it, organizations should update their camera firmware to version 6.3.40 or later as soon as possible. Devices left unpatched remain open to exploitation by malicious actors.
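The class of fix for this kind of flaw, as an added example that is not PTZOptics code and does not reflect how the firmware is actually written: an allow-list validator for an ntp_addr value, plus a helper that hands the value to the client as a separate argv element instead of a shell string. The function names, the command-line form of ntp_client and the sample values are assumptions constructed for illustration.

```python
import ipaddress
import re

# Characters that can appear in an IP literal or DNS hostname; nothing else is accepted.
_ALLOWED = re.compile(r"[A-Za-z0-9.:-]+")
# One DNS label: 1-63 letters, digits or hyphens, not starting or ending with a hyphen.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def is_valid_ntp_addr(value):
    """True only for an IPv4/IPv6 literal or a plain DNS hostname."""
    if not isinstance(value, str) or len(value) > 253:
        return False
    # Allow-list first: rejects spaces, quotes, ';', '|', '$', backticks, newlines
    # and the '%' of an IPv6 zone ID, whose suffix ipaddress does not restrict.
    if not _ALLOWED.fullmatch(value):
        return False
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        pass
    # Hostname path: every label must be well formed (no leading '-', so the
    # value cannot be mistaken for a command-line option either).
    labels = value.rstrip(".").split(".")
    return all(_LABEL.fullmatch(label) for label in labels)


def build_ntp_argv(value, client="ntp_client"):
    """Return an argv list for subprocess.run(argv) with no shell, or raise ValueError.

    The client name and its single-argument form are assumptions for this example.
    """
    if not is_valid_ntp_addr(value):
        raise ValueError("rejected ntp_addr value: %r" % (value,))
    return [client, value]


def audit(values):
    """Return the subset of configured values that fail validation."""
    return [v for v in values if not is_valid_ntp_addr(v)]


# Constructed sample values, not taken from any real device or report.
SAMPLES = ["pool.ntp.org", "192.0.2.10", "2001:db8::1", "time.example.com;echo x",
           "fe80::1%;x", "-v.example.com", "time.example.com\n"]

if __name__ == "__main__":
    for v in SAMPLES:
        print("%-28r %s" % (v, "ok" if is_valid_ntp_addr(v) else "REJECT"))
```

The same audit function can be run over ntp_addr values exported from device configurations to flag entries that are not a plain hostname or IP address.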