CVE-2024-8957

CVSS V2 None CVSS V3 None
Description
PTZOptics PT30X-SDI/NDI-xx before firmware 6.3.40 is vulnerable to an OS command injection issue. The camera does not sufficiently validate the ntp_addr configuration value which may lead to arbitrary command execution when ntp_client is started. When chained with CVE-2024-8956, a remote and unauthenticated attacker can execute arbitrary OS commands on affected devices.
Overview
  • CVE ID
  • CVE-2024-8957
  • Assigner
  • VulnCheck
  • Vulnerability Status
  • PUBLISHED
  • Published Version
  • 2024-09-17T20:08:25.588Z
  • Last Modified Date
  • 2024-09-17T20:08:25.588Z
References
Reference URL Reference Tags
https://ptzoptics.com/firmware-changelog/ vendor-advisory
https://vulncheck.com/advisories/ptzoptics-command-injection third-party-advisory
History
Created Old Value New Value Data Type Notes
2024-10-06 02:20:51 Added to TrackCVE