CVE-2024-8957

PTZOptics PT30X-SDI/NDI-xx before firmware 6.3.40 is vulnerable to an OS command injection issue. The camera does not sufficiently validate the ntpaddr configuration value which may lead to arbitrary command execution when ntpclient is started. When chained with CVE-2024-8956, a remote and...

PTZOptics Camera Multiple Vulnerabilities (Direct Check)

Binary data ptzopticscameraCVE-2024-8956.nbin...

CVE-2024-8957

PTZOptics PT30X-SDI/NDI-xx before firmware 6.3.40 is vulnerable to an OS command injection issue. The camera does not sufficiently validate the ntpaddr configuration value which may lead to arbitrary command execution when ntpclient is started. When chained with CVE-2024-8956, a remote and...

CVE-2024-8956

PTZOptics PT30X-SDI/NDI-xx before firmware 6.3.40 is vulnerable to an insufficient authentication issue. The camera does not properly enforce authentication to /cgi-bin/param.cgi when requests are sent without an HTTP Authorization header. The result is a remote and unauthenticated attacker can...

CVE-2024-8957 PTZOptics NDI and SDI Cameras Command Injection via NTP Address Configuration

PTZOptics PT30X-SDI/NDI-xx before firmware 6.3.40 is vulnerable to an OS command injection issue. The camera does not sufficiently validate the ntpaddr configuration value which may lead to arbitrary command execution when ntpclient is started. When chained with CVE-2024-8956, a remote and...

CVE-2024-8957

PTZOptics PT30X-SDI/NDI-xx devices running firmware prior to 6.3.40 are vulnerable to an OS command injection via the ntp_addr parameter in ntp_client, enabling a remote, unauthenticated attacker to execute arbitrary commands on affected cameras. This CVE (CVE-2024-8957) is paired with CVE-2024-8...

CVE-2024-8956

PTZOptics PT30X-SDI/NDI-xx devices prior to firmware 6.3.40 are affected by an insufficient authentication vulnerability in /cgi-bin/param.cgi, enabling remote, unauthenticated data leakage (usernames, password hashes, configurations) and the ability to update individual settings or overwrite the...

CVE-2024-8957

PTZOptics PT30X-SDI/NDI-xx before firmware 6.3.40 is vulnerable to an OS command injection issue. The camera does not sufficiently validate the ntpaddr configuration value which may lead to arbitrary command execution when ntpclient is started. When chained with CVE-2024-8956, a remote and...

PT-2024-7556 · Ptzoptics · Ptzoptics Pt30X-Sdi/Ndi Cameras

Name of the Vulnerable Software and Affected Versions: PTZOptics PT30X-SDI/NDI Cameras versions prior to firmware 6.3.40 Description: The issue is related to an OS command injection problem. The camera does not sufficiently validate the ntp addr configuration value, which may lead to arbitrary...