CVE-2024-8956

Oct. 1, 2024, 4:01 p.m.

9.1
Critical

Description

PTZOptics PT30X-SDI/NDI-xx before firmware 6.3.40 is vulnerable to an insufficient authentication issue. The camera does not properly enforce authentication to /cgi-bin/param.cgi when requests are sent without an HTTP Authorization header. The result is a remote and unauthenticated attacker can leak sensitive data such as usernames, password hashes, and configurations details. Additionally, the attacker can update individual configuration values or overwrite the whole file.

Product(s) Impacted

Vendor Product Versions
Ptzoptics
  • Pt30x-sdi Firmware
  • Pt30x-sdi
  • Pt30x-ndi-xx-g2 Firmware
  • Pt30x-ndi-xx-g2
  • *
  • -
  • *
  • -

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-287
Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

*CPE(s)

Affected systems and software identified for this CVE.

Type Vendor Product Version Update Edition Language Software Edition Target Software Target Hardware Other Information
o ptzoptics pt30x-sdi_firmware / / / / / / / /
h ptzoptics pt30x-sdi - / / / / / / /
o ptzoptics pt30x-ndi-xx-g2_firmware / / / / / / / /
h ptzoptics pt30x-ndi-xx-g2 - / / / / / / /

References

https://ptzoptics.com/firmware-changelog/
https://vulncheck.com/advisories/ptzoptics-insufficient-auth

Tags

CWE-287
disclosure@vulncheck.com
2024-09-17
CVE-2024-8956

CVSS Score

9.1 / 10

CVSS Data - 3.1

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: NONE

    • CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

    View Vector String

Timeline

Published: Sept. 17, 2024, 8:15 p.m.
Last Modified: Oct. 1, 2024, 4:01 p.m.

Status : Analyzed

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

disclosure@vulncheck.com

Relations

Here is the list of observables linked to the vulnerability CVE-2024-8956 using threat intelligence.

  • Mirai
  • Gayfemboy
  • Gayfemboy

Linked Attack Reports

Gayfemboy: A Botnet Deliver Through a Four-Faith Industrial Router 0-day Exploit.

The Gayfemboy botnet, discovered in February 2024, has evolved from a simple Mirai derivative into a sophisticated large-scale botnet. It exploits a 0-day vulnerability in Four-Faith industrial routers and unknown vulnerabilities in other devices to spread. With over 15,000 daily active nodes acros…
ddos
botnet
CVE-2024-12856
four-faith
2025-01-08
0-day
gayfemboy
industrial-router
Published: January 8, 2025
Linked vulnerabilities : CVE-2024-8956 (CVSS 9.1), CVE-2024-8957 (CVSS 9.8), CVE-2024-12856 (CVSS 7.2), CVE-2013-7471
Downloadable IOCs: 56

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.