216.73.216.36

CVE-2024-8956

· Published 04/11/2024 01:00 · Modified 21/12/2025 09:48 · Author: Cybersecurity and Infrastructure Security Agency

Labels: CVE-2024-8956 2024-09-17CVE-2024-8956CWE-287[email protected]

Essential information

Published
04/11/2024 01:00
Modified
21/12/2025 09:48
Author
Cybersecurity and Infrastructure Security Agency
Creator
Cybersecurity and Infrastructure Security Agency
CVSS
9.1 CRITICAL (v3.1)
CISA KEV
Yes
CWE
CVSS vector
CVSS:3.1/AV:N/C:H/I:H/A:N

CVSS metrics

Description

PTZOptics PT30X-SDI/NDI-xx before firmware 6.3.40 is vulnerable to an insufficient authentication issue. The camera does not properly enforce authentication to /cgi-bin/param.cgi when requests are sent without an HTTP Authorization header. The result is a remote and unauthenticated attacker can leak sensitive data such as usernames, password hashes, and configurations details. Additionally, the attacker can update individual configuration values or overwrite the whole file.

NVD status

Status
Analyzed — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
ptzoptics / pt30x-sdi firmware cpe:2.3:o:ptzoptics:pt30x-sdi_firmware:*:*:*:*:*:*:*:*
ptzoptics / pt30x-sdi cpe:2.3:h:ptzoptics:pt30x-sdi:-:*:*:*:*:*:*:*
ptzoptics / pt30x-ndi-xx-g2 firmware cpe:2.3:o:ptzoptics:pt30x-ndi-xx-g2_firmware:*:*:*:*:*:*:*:*
ptzoptics / pt30x-ndi-xx-g2 cpe:2.3:h:ptzoptics:pt30x-ndi-xx-g2:-:*:*:*:*:*:*:*

References

Related entities

Attack reports, intrusion sets, malwares, attack patterns and indicators linked to this vulnerability.

Attack reports (1)