Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Pt30x\-Sdi_firmware
(Ptzoptics)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 2 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2024-09-17 | CVE-2024-8956 | PTZOptics PT30X-SDI/NDI-xx before firmware 6.3.40 is vulnerable to an insufficient authentication issue. The camera does not properly enforce authentication to /cgi-bin/param.cgi when requests are sent without an HTTP Authorization header. The result is a remote and unauthenticated attacker can leak sensitive data such as usernames, password hashes, and configurations details. Additionally, the attacker can update individual configuration values or overwrite the whole file. | Pt30x\-Ndi\-Xx\-G2_firmware, Pt30x\-Sdi_firmware | 9.1 | ||
| 2024-09-17 | CVE-2024-8957 | PTZOptics PT30X-SDI/NDI-xx before firmware 6.3.40 is vulnerable to an OS command injection issue. The camera does not sufficiently validate the ntp_addr configuration value which may lead to arbitrary command execution when ntp_client is started. When chained with CVE-2024-8956, a remote and unauthenticated attacker can execute arbitrary OS commands on affected devices. | Pt30x\-Ndi\-Xx\-G2_firmware, Pt30x\-Sdi_firmware | 9.8 |