CVE-2024-8957
CVSS V2 None
CVSS V3 None
Description
PTZOptics PT30X-SDI/NDI-xx before firmware 6.3.40 is vulnerable to an OS command injection issue. The camera does not sufficiently validate the ntp_addr configuration value which may lead to arbitrary command execution when ntp_client is started. When chained with CVE-2024-8956, a remote and unauthenticated attacker can execute arbitrary OS commands on affected devices.
Overview
- CVE ID
- CVE-2024-8957
- Assigner
- VulnCheck
- Vulnerability Status
- PUBLISHED
- Published Version
- 2024-09-17T20:08:25.588Z
- Last Modified Date
- 2024-09-17T20:08:25.588Z
Weakness Enumerations
References
Reference URL | Reference Tags |
---|---|
https://ptzoptics.com/firmware-changelog/ | vendor-advisory |
https://vulncheck.com/advisories/ptzoptics-command-injection | third-party-advisory |
Sources
Source Name | Source URL |
---|---|
NIST | https://nvd.nist.gov/vuln/detail/CVE-2024-8957 |
MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8957 |
History
Created | Old Value | New Value | Data Type | Notes |
---|---|---|---|---|
2024-10-06 02:20:51 | Added to TrackCVE |