CVE-2024-8956
CVSS V2 None
CVSS V3 None
Description
PTZOptics PT30X-SDI/NDI-xx before firmware 6.3.40 is vulnerable to an insufficient authentication issue. The camera does not properly enforce authentication to /cgi-bin/param.cgi when requests are sent without an HTTP Authorization header. The result is a remote and unauthenticated attacker can leak sensitive data such as usernames, password hashes, and configurations details. Additionally, the attacker can update individual configuration values or overwrite the whole file.
Overview
- CVE ID
- CVE-2024-8956
- Assigner
- VulnCheck
- Vulnerability Status
- PUBLISHED
- Published Version
- 2024-09-17T19:59:27.205Z
- Last Modified Date
- 2024-09-17T20:53:58.778Z
Weakness Enumerations
References
| Reference URL | Reference Tags |
|---|---|
| https://ptzoptics.com/firmware-changelog/ | vendor-advisory |
| https://vulncheck.com/advisories/ptzoptics-insufficient-auth | third-party-advisory |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2024-8956 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8956 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2024-10-06 02:21:14 | Added to TrackCVE |