Attack

Hackers attempt to exploit zero-day flaws in PTZOptics cameras

Take action: If you are using PTZOptics cameras, check whether they are on the vulnerable device list. Isolate the cameras from internet access and make them accessible from trusted zones only. Plan to patch the devices that are still under support and replace end-of-life models.



GreyNoise has identified two zero-day vulnerabilities in PTZOptics pan-tilt-zoom (PTZ) cameras, tracked as CVE-2024-8956 and CVE-2024-8957. Attacks are detected by GreyNoise's threat detection tool. The flaws impact VHD PTZ camera firmware versions earlier than 6.3.40 and affect models across PTZOptics, Multicam Systems SAS, and SMTAV Corporation.

Details of the Vulnerabilities:

  1. CVE-2024-8956 (CVSS score 9.1) - Weak Authentication in Web Server: A vulnerability in the embedded lighttpd web server allows unauthorized access to the camera’s CGI API without authentication, exposing usernames, password hashes, and network configurations.

  2. CVE-2024-8957 (CVSS score 7.2) - Command Injection via ntp_client: Insufficient input validation in the ntp_client binary allows attackers to insert commands through the ntp.addr parameter, leading to potential remote code execution.

Exploiting these vulnerabilities could lead to:

  • Full camera control, including unauthorized video access and manipulation.
  • Infection of the device for use in botnets or lateral movement to other networked devices.
  • Disruption or disablement of camera functionality.

Affected models include NDI-enabled cameras like PTZOptics PT20X-NDI-G2 and PT12X-NDI-G2, which remain vulnerable due to end-of-life status, as well as PT20X-SE-NDI-G3 and PT30X-SE-NDI-G3, which have yet to receive patches.

Users are advised to isolate the cameras from internet access and make them accessible only from trusted zones, as well as to replace end-of-life models.
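For developers of similar device software, the input-validation gap described for CVE-2024-8957 is closed by allowlisting the NTP address and passing it as a single program argument instead of shell text. The C code below is an added example, not code from the vendor firmware or from GreyNoise; `ntp_addr_is_valid`, `ntp_build_argv` and the `ntp-sync` program name are hypothetical, and the sample inputs are constructed.

```c
#include <arpa/inet.h>
#include <stdio.h>
#include <string.h>

static const char ALNUM[] =
    "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";

/* Hypothetical helper: 1 if s is an IPv4/IPv6 literal or an RFC 1123 hostname,
 * else 0. The allowlist refuses spaces, quotes, ';', '|', '$' and newlines. */
int ntp_addr_is_valid(const char *s)
{
    unsigned char ip[16];                 /* room for an IPv6 address */
    size_t len, label = 0;                /* label = length of current label */
    if (s == NULL || (len = strlen(s)) == 0 || len > 253)
        return 0;
    if (inet_pton(AF_INET, s, ip) == 1 || inet_pton(AF_INET6, s, ip) == 1)
        return 1;
    for (size_t i = 0; i < len; i++) {
        char c = s[i];
        if (c == '.') {                   /* label boundary */
            if (label == 0 || s[i - 1] == '-')
                return 0;
            label = 0;
            continue;
        }
        /* refuse bytes outside [A-Za-z0-9-], a leading '-', or a long label */
        if ((!strchr(ALNUM, c) && !(c == '-' && label > 0)) || ++label > 63)
            return 0;
    }
    return label > 0 && s[len - 1] != '-';
}

/* Build argv for execv(): the address is one argument, never shell text.
 * "ntp-sync" is a placeholder program name, not taken from the firmware. */
int ntp_build_argv(const char *addr, const char *argv[3])
{
    if (!ntp_addr_is_valid(addr))
        return -1;
    argv[0] = "ntp-sync";
    argv[1] = addr;
    argv[2] = NULL;
    return 0;
}

int main(void)
{
    const char *av[3];
    printf("%d %d\n", ntp_build_argv("pool.ntp.org", av), ntp_build_argv("a b", av));
    return 0;
}
```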
