← Back

CVE-2024-8956

nvd nist
Published: Sep 17, 2024Modified: Oct 27, 2025CISA KEV

JSON object

Loading...
9.1
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Exploitability: 3.9 / Impact: 5.2
Source: NVD

Description

PTZOptics PT30X-SDI/NDI-xx before firmware 6.3.40 is vulnerable to an insufficient authentication issue. The camera does not properly enforce authentication to /cgi-bin/param.cgi when requests are sent without an HTTP Authorization header. The result is a remote and unauthenticated attacker can leak sensitive data such as usernames, password hashes, and configurations details. Additionally, the attacker can update individual configuration values or overwrite the whole file.

Affected (2)

Ptzoptics
2 products
Pt30x Sdi Firmware
Pt30x Ndi Xx G2 Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Pt30x Sdi Firmware
Before 6.3.40
Running on/withPlatform Versions
Ptzoptics
Pt30x Sdi
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Pt30x Ndi Xx G2 Firmware
Before 6.3.40
Running on/withPlatform Versions
Ptzoptics
Pt30x Ndi Xx G2
All versions

Related CWEs

CWE-287
Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
CWE-306
Missing Authentication for Critical Function
The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

References (5)

Source: disclosure@vulncheck.com
Release Notes
Source: disclosure@vulncheck.com
Third Party Advisory
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
US Government Resource
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Third Party Advisory
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
ExploitThird Party Advisory

Timeline

No history available yet.