PTZOptics PT30X-SDI/NDI-xx before firmware 6.3.40 is vulnerable to an insufficient authentication issue. The camera does not properly enforce authentication to /cgi-bin/param.cgi when requests are sent without an HTTP Authorization header. As a result, a remote, unauthenticated attacker can leak sensitive data such as usernames, password hashes, and configuration details. Additionally, the attacker can update individual configuration values or overwrite the whole file.
History
Tue, 17 Sep 2024 21:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared | Ptzoptics; Ptzoptics pt30x-sdi.ndi-xx | |
CPEs | cpe:2.3:a:ptzoptics:pt30x-sdi.ndi-xx:*:*:*:*:*:*:*:* | |
Vendors & Products | Ptzoptics; Ptzoptics pt30x-sdi.ndi-xx | |
Metrics | ssvc | |
Tue, 17 Sep 2024 20:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | PTZOptics PT30X-SDI/NDI-xx before firmware 6.3.40 is vulnerable to an insufficient authentication issue. The camera does not properly enforce authentication to /cgi-bin/param.cgi when requests are sent without an HTTP Authorization header. As a result, a remote, unauthenticated attacker can leak sensitive data such as usernames, password hashes, and configuration details. Additionally, the attacker can update individual configuration values or overwrite the whole file. | |
Title | PTZOptics NDI and SDI Cameras /cgi-bin/param.cgi Insufficient Authentication | |
Weaknesses | CWE-287 | |
References | | |
Metrics | cvssV3_1 | |
MITRE
Status: PUBLISHED
Assigner: VulnCheck
Published: 2024-09-17T19:59:27.205Z
Updated: 2024-09-17T20:53:58.778Z
Reserved: 2024-09-17T19:08:47.005Z
Link: CVE-2024-8956
Vulnrichment
Updated: 2024-09-17T20:53:53.285Z
NVD
Status: Received
Published: 2024-09-17T20:15:07.287
Modified: 2024-09-17T20:15:07.287
Link: CVE-2024-8956
Redhat
No data.