// For flags

CVE-2024-8956

PTZOptics PT30X-SDI/NDI Cameras Authentication Bypass Vulnerability

Severity Score

9.1
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

Yes
*KEV

Decision

Act
*SSVC
Descriptions

PTZOptics PT30X-SDI/NDI-xx before firmware 6.3.40 is vulnerable to an insufficient authentication issue. The camera does not properly enforce authentication to /cgi-bin/param.cgi when requests are sent without an HTTP Authorization header. The result is a remote and unauthenticated attacker can leak sensitive data such as usernames, password hashes, and configurations details. Additionally, the attacker can update individual configuration values or overwrite the whole file.

PTZOptics PT30X-SDI/NDI cameras contain an insecure direct object reference (IDOR) vulnerability that allows a remote, attacker to bypass authentication for the /cgi-bin/param.cgi CGI script. If combined with CVE-2024-8957, this can lead to remote code execution as root.

*Credits: Konstantin Lazarev of GreyNoise
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:Act
Exploitation
Active
Automatable
Yes
Tech. Impact
Total
* Organization's Worst-case Scenario
Timeline
  • 2024-09-17 CVE Reserved
  • 2024-09-17 CVE Published
  • 2024-11-04 CVE Updated
  • 2024-11-04 Exploited in Wild
  • 2024-11-19 EPSS Updated
  • 2024-11-25 KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-287: Improper Authentication
CAPEC
  • CAPEC-114: Authentication Abuse
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
PTZOptics
Search vendor "PTZOptics"
PT30X-SDI
Search vendor "PTZOptics" for product "PT30X-SDI"
< 6.3.40
Search vendor "PTZOptics" for product "PT30X-SDI" and version " < 6.3.40"
en
Affected
PTZOptics
Search vendor "PTZOptics"
PT30X-NDI
Search vendor "PTZOptics" for product "PT30X-NDI"
< 6.3.40
Search vendor "PTZOptics" for product "PT30X-NDI" and version " < 6.3.40"
en
Affected