CVE-2024-8957
PTZOptics NDI and SDI Cameras Command Injection via NTP Address Configuration
In short
PTZOptics cameras fail to properly check the NTP server address setting, allowing attackers to sneak malicious commands into it. When the camera starts its time synchronization service, these commands run with system privileges, giving attackers complete control of the device.
Technical detail
OS command injection vulnerability in PTZOptics PT30X-SDI/NDI-xx cameras (firmware < 6.3.40) due to insufficient input validation of the ntp_addr configuration parameter. The vulnerability is triggered when ntp_client service starts, allowing arbitrary command execution. When combined with CVE-2024-8956, remote unauthenticated attackers can achieve full system compromise.
Summary generated and translated by AI from the official description.
PTZOptics PT30X-SDI/NDI-xx before firmware 6.3.40 is vulnerable to an OS command injection issue. The camera does not sufficiently validate the ntp_addr configuration value which may lead to arbitrary command execution when ntp_client is started. When chained with CVE-2024-8956, a remote and unauthenticated attacker can execute arbitrary OS commands on affected devices.
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
public PoCs found — 1
cve_referencewww.labs.greynoise.io/grimoire/2024-10-31-sift-0-day-rce/unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
https://ptzoptics.com/firmware-changelog/https://vulncheck.com/advisories/ptzoptics-command-injectionhttps://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-8957https://www.greynoise.io/blog/greynoise-intelligence-discovers-zero-day-vulnerabilities-in-live-streaming-cameras-with-the-help-of-aihttps://www.labs.greynoise.io/grimoire/2024-10-31-sift-0-day-rce/