CVE-2024-8957

Published 04/11/2024 01:00 · Modified 21/12/2025 09:48 · Author: Cybersecurity and Infrastructure Security Agency

Labels: CVE-2024-8957, 2024-09-17, CWE-78, [email protected]

Essential information

Published: 04/11/2024 01:00
Modified: 21/12/2025 09:48
Author: Cybersecurity and Infrastructure Security Agency
Creator: Cybersecurity and Infrastructure Security Agency
CVSS: 7.2 HIGH (v3.1)
CISA KEV: Yes
CWE: CWE-78
CVSS vector: CVSS:3.1/AV:N/C:H/I:H/A:H

Description

PTZOptics PT30X-SDI/NDI-xx before firmware 6.3.40 is vulnerable to an OS command injection issue. The camera does not sufficiently validate the ntp_addr configuration value which may lead to arbitrary command execution when ntp_client is started. When chained with CVE-2024-8956, a remote and unauthenticated attacker can execute arbitrary OS commands on affected devices.

NVD status

Status: Analyzed — CVE has been recently published to the CVE List and has been received by the NVD.
Source: [email protected]

Affected products (CPE)

Product | CPE
ptzoptics / pt30x-sdi firmware | cpe:2.3:o:ptzoptics:pt30x-sdi_firmware:*:*:*:*:*:*:*:*
ptzoptics / pt30x-sdi | cpe:2.3:h:ptzoptics:pt30x-sdi:-:*:*:*:*:*:*:*
ptzoptics / pt30x-ndi-xx-g2 firmware | cpe:2.3:o:ptzoptics:pt30x-ndi-xx-g2_firmware:*:*:*:*:*:*:*:*
ptzoptics / pt30x-ndi-xx-g2 | cpe:2.3:h:ptzoptics:pt30x-ndi-xx-g2:-:*:*:*:*:*:*:*

References