CVE-2024-8956

inthewildio

CVE-2024-8956 is getting exploited #inthewild. Find out more at https://t.co/dj4ogY4kpa CVE-2024-8957 is getting exploited #inthewild. Find out more at https://t.co/bTKhPPhe5Y

intruXpert

Vulnerability Hunting Tips & Tricks Inspired by CVE-2024-8956/8957 Just read a fascinating article about how an LLM helped uncover two 0-days in VHD PTZ cameras. Here's what caught my eye: LLMs can be powerful allies: The author started by using an LLM-powered threat hunting tool called Sift to sift through millions of HTTP events. This helped them find unusual activity that led to the discovery of the vulnerabilities. Don't ignore the basics: Even simple authentication checks matter! The cameras lacked proper authentication, allowing access to sensitive info without credentials. Always double-check those security fundamentals! Dig deep into firmware: Analyzing the firmware revealed how network configuration files were handled, paving the way for the file write vulnerability. Don't be afraid to get your hands dirty with firmware analysis! Think like an attacker: By understanding how the ntp_client binary worked, the author was able to craft input that led to command injection. Putting yourself in the attacker's shoes can be key to finding vulnerabilities. Share your findings responsibly: The author worked with VulnCheck to ensure responsible disclosure. Let's all be good security citizens and help make the internet safer! Let's keep learning and pushing the boundaries of vulnerability research! #vulnerabilityresearch #cybersecurity #0day #LLM #infosec #bugbountytips #hack https://t.co/vv2nWickJQ

Ransom_DB

Alert: Hackers Exploiting Zero-Day Flaws in PTZ Cameras Hackers are targeting two zero-day vulnerabilities in PTZOptics cameras, used across critical sectors including healthcare, government, and industrial settings. Here’s a breakdown of the CVEs: CVE-2024-8956: Weak authentication in the lighthttpd web server exposes usernames, MD5 password hashes, and network configs via the CGI API, bypassing authorization. CVE-2024-8957: Insufficient input sanitization in the ntp.addr field lets attackers use crafted payloads to inject commands and achieve remote code execution. Affected models are NDI-enabled cameras with Hisilicon Hi3516A SoC running firmware below version 6.3.40. PTZOptics issued a patch on Sept 17, but legacy models (e.g., PT20X-NDI-G2) and certain new models (PT20X-SE-NDI-G3) remain vulnerable.