CVE-2024-8956 - PTZOptics PT30X-SDI/NDI Cameras
AI Vulnerability ContextPTZOptics PT30X-SDI/NDI-xx before firmware 6.3.40 is vulnerable to an insufficient authentication issue. The camera does not properly enforce authentication to /cgi-bin/param.cgi when requests are sent without an HTTP Authorization header. The result is a remote and unauthenticated attacker can leak sensitive data such as usernames, password hashes, and configurations details. Additionally, the attacker can update...
Overview
A source-backed snapshot of this vulnerability.
PTZOptics PT30X-SDI/NDI-xx before firmware 6.3.40 is vulnerable to an insufficient authentication issue. The camera does not properly enforce authentication to /cgi-bin/param.cgi when requests are sent without an HTTP Authorization header. The result is a remote and unauthenticated attacker can leak sensitive data such as usernames, password hashes, and configurations details. Additionally, the attacker can update individual configuration values or overwrite the whole file.
Vulnerability status
How serious this vulnerability is and whether it is known to be exploited.
- CVE ID
- CVE-2024-8956
- Vendor/project
- PTZOptics
- Product
- PT30X-SDI/NDI Cameras
- Vulnerability name
- PTZOptics PT30X-SDI/NDI Cameras Authentication Bypass Vulnerability
- Date added
- 2024-11-04
- Due date
- 2024-11-25
- Known ransomware campaign use
- Unknown
- CVSS v3
- 9.1
Exploit context
What the vulnerability is about.
PTZOptics PT30X-SDI/NDI-xx before firmware 6.3.40 is vulnerable to an insufficient authentication issue. The camera does not properly enforce authentication to /cgi-bin/param.cgi when requests are sent without an HTTP Authorization header. The result is a remote and unauthenticated attacker can leak sensitive data such as usernames, password hashes, and configurations details. Additionally, the attacker can update individual configuration values or overwrite the whole file.
Source evidence
Original public records and references for this page.
Original source
Original source links
Open the public records and source datasets used for this page.
