cbcvebase.
CVE-2024-8957
published 2024-09-17

CVE-2024-8957: PTZOptics PT30X-SDI/NDI-xx before firmware 6.3.40 is vulnerable to an OS command injection issue. The camera does not sufficiently validate the ntp_addr…

PriorityP190high7.2CVSS 3.1
AVNACLPRHUINSUCHIHAH
KEVITWRansomware
CISA Known Exploited Vulnerabilitydue 2024-11-25
Exploited in the wild
EPSS
81.97%
99.6th percentile
PTZOptics PT30X-SDI/NDI-xx before firmware 6.3.40 is vulnerable to an OS command injection issue. The camera does not sufficiently validate the ntp_addr configuration value which may lead to arbitrary command execution when ntp_client is started. When chained with CVE-2024-8956, a remote and unauthenticated attacker can execute arbitrary OS commands on affected devices.

Affected

2 ranges
VendorProductVersion rangeFixed in
ptzopticspt30x-ndi-xx-g2_firmware< 6.3.406.3.40
ptzopticspt30x-sdi_firmware< 6.3.406.3.40

Detection & IOCsextracted from sources · hover to see the quote

path/cgi-bin/param.cgi
processntp_client
  • Monitor HTTP requests to /cgi-bin/param.cgi that are sent without an HTTP Authorization header, as CVE-2024-8956 allows unauthenticated access to this endpoint which is then chained with CVE-2024-8957 for RCE.
  • Inspect the ntp_addr parameter in requests to /cgi-bin/param.cgi for OS command injection payloads (e.g., shell metacharacters, backticks, semicolons, pipe characters).
  • Watch for wget-based shell script downloads originating from PTZ camera devices, indicative of post-exploitation reverse shell staging.
  • Leaked MD5 password hashes from /cgi-bin/param.cgi responses should be treated as compromised; monitor for subsequent authentication attempts using cracked credentials.
  • ·CVE-2024-8957 requires chaining with CVE-2024-8956 for unauthenticated exploitation; standalone it requires high-privilege (PR:H) access per CVSS scoring.
  • ·Models PT20X-NDI-G2 and PT12X-NDI-G2 reached end-of-life and did not receive a patch; PT20X-SE-NDI-G3 and PT30X-SE-NDI-G3 were also found vulnerable after the initial patch release.

CVSS provenance

nvdv3.17.2HIGHCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
vulncheck9.1CRITICAL
cisa9.1CRITICAL
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.