PTZOptics Product Security Update Advisory (CVE-2024-8956)
Overview
An update has been released to address a vulnerability in PTZOptics products. Users of the affected versions are advised to update to the latest version.
Affected Products
CVE-2024-8956
- PTZOptics PT30X-SDI versions: earlier than 6.3.40 (6.3.40 itself is not affected)
- PTZOptics PT30X-NDI-xx-G2 versions: earlier than 6.3.40 (6.3.40 itself is not affected)
Resolved Vulnerabilities
The camera does not properly enforce authentication for /cgi-bin/param.cgi when a request is sent without an HTTP authentication header. This could allow remote, unauthenticated attackers to exfiltrate sensitive data such as usernames, password hashes, and configuration details (CVE-2024-8956).
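A detection sketch for the condition described above, added here as an example and not code from PTZOptics or the referenced advisories: it scans an access log for requests to /cgi-bin/param.cgi that were answered successfully without credentials. It assumes a reverse proxy in front of the camera that logs in Combined Log Format with the HTTP auth user in the third field; the log lines, addresses, query string and function names are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import unquote, urlsplit

TARGET_PATH = "/cgi-bin/param.cgi"  # endpoint named in the advisory

# Constructed sample lines (documentation IP ranges, placeholder query string).
# Assumption: Combined Log Format, third field = HTTP auth user, "-" if none.
SAMPLE_LOG = """\
192.0.2.10 - admin [05/Nov/2024:10:01:12 +0000] "GET /cgi-bin/param.cgi?x=constructed HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.7 - - [05/Nov/2024:10:02:03 +0000] "GET /cgi-bin/param.cgi?x=constructed HTTP/1.1" 401 0 "-" "Mozilla/5.0"
203.0.113.50 - - [05/Nov/2024:10:03:40 +0000] "GET /cgi-bin/param.cgi?x=constructed HTTP/1.1" 200 734 "-" "curl/8.0"
203.0.113.50 - - [05/Nov/2024:10:03:41 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "curl/8.0"
203.0.113.50 - - [05/Nov/2024:10:03:45 +0000] "GET /cgi-bin/param.cgi?x=constructed HTTP/1.1" 200 734 "-" "curl/8.0"
truncated line without the expected fields
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)


def unauthenticated_hits(log_text):
    """Return (ip, timestamp, target) for 2xx answers to TARGET_PATH sent without credentials."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m is None:
            continue  # skip lines that do not parse instead of failing the scan
        # Normalise the request target: drop the query string, decode percent-escapes.
        path = unquote(urlsplit(m["target"]).path)
        if path != TARGET_PATH:
            continue
        # A 401 challenge is the expected answer to a request with no credentials;
        # a 2xx answer means the endpoint served the request unauthenticated.
        if m["user"] == "-" and 200 <= int(m["status"]) < 300:
            hits.append((m["ip"], m["ts"], m["target"]))
    return hits


def hits_per_source(hits):
    """Count flagged requests per client address for triage."""
    return Counter(ip for ip, _, _ in hits)


if __name__ == "__main__":
    found = unauthenticated_hits(SAMPLE_LOG)
    for ip, ts, target in found:
        print(f"{ts} {ip} {target}")
    print(dict(hits_per_source(found)))
```

On the constructed sample, the authenticated request and the 401 challenge are ignored and the two unauthenticated 200 responses are flagged.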
Vulnerability Patches
The following product-specific vulnerability patches have been made available in the latest update. If you are using an affected version, please follow the instructions on the referenced sites to update to the latest patched version.
CVE-2024-8956
- PTZOptics PT30X-SDI version: 6.3.40
- PTZOptics PT30X-NDI-xx-G2 version: 6.3.40
References
[1] PTZOptics NDI and SDI Cameras /cgi-bin/param.cgi Insufficient Authentication
https://vulncheck.com/advisories/ptzoptics-insufficient-auth
[2] Looking to download the right firmware for your PTZOptics camera?