Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2024-8957 (GCVE-0-2024-8957)
Vulnerability from cvelistv5 – Published: 2024-09-17 20:08 – Updated: 2025-12-27 16:47 X_Known Exploited Vulnerability
VLAI
EPSS
CISA KEV
Title
PTZOptics NDI and SDI Cameras Command Injection via NTP Address Configuration
Summary
PTZOptics PT30X-SDI/NDI-xx before firmware 6.3.40 is vulnerable to an OS command injection issue. The camera does not sufficiently validate the ntp_addr configuration value which may lead to arbitrary command execution when ntp_client is started. When chained with CVE-2024-8956, a remote and unauthenticated attacker can execute arbitrary OS commands on affected devices.
Severity
7.2 (High)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://ptzoptics.com/firmware-changelog/ | vendor-advisory |
| https://vulncheck.com/advisories/ptzoptics-comman… | third-party-advisory |
Impacted products
Credits
Konstantin Lazarev of GreyNoise
CISA KEV
Known Exploited Vulnerability - GCVE BCP-07 Compliant
KEV entry ID: 3ca635d4-25ad-44d4-93fd-57446a2055a9
Exploited: Yes
Timestamps
First Seen: 2024-11-04
Asserted: 2024-11-04
Scope
Notes: KEV entry: PTZOptics PT30X-SDI/NDI Cameras OS Command Injection Vulnerability | Affected: PTZOptics / PT30X-SDI/NDI Cameras | Description: PTZOptics PT30X-SDI/NDI cameras contain an OS command injection vulnerability that allows a remote, authenticated attacker to escalate privileges to root via a crafted payload with the ntp_addr parameter of the /cgi-bin/param.cgi CGI script. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-11-25 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://ptzoptics.com/firmware-changelog/ ; https://nvd.nist.gov/vuln/detail/CVE-2024-8957
Evidence
Type: Vendor Report
Signal: Successful Exploitation
Confidence: 80%
Source: cisa-kev
Details
| Cwes | CWE-78 |
|---|---|
| Feed | CISA Known Exploited Vulnerabilities Catalog |
| Product | PT30X-SDI/NDI Cameras |
| Due Date | 2024-11-25 |
| Date Added | 2024-11-04 |
| Vendorproject | PTZOptics |
| Vulnerabilityname | PTZOptics PT30X-SDI/NDI Cameras OS Command Injection Vulnerability |
| Knownransomwarecampaignuse | Unknown |
References
Created: 2026-02-02 12:26 UTC
| Updated: 2026-02-06 07:17 UTC
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:ptzoptics:pt30x-sdi_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pt30x-sdi_firmware",
"vendor": "ptzoptics",
"versions": [
{
"lessThan": "6.3.40",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:ptzoptics:pt30x-ndi_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pt30x-ndi_firmware",
"vendor": "ptzoptics",
"versions": [
{
"lessThan": "6.3.40",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-8957",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-08T18:25:10.384044Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2024-11-04",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-8957"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T22:55:44.249Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit",
"technical-description",
"third-party-advisory"
],
"url": "https://www.labs.greynoise.io/grimoire/2024-10-31-sift-0-day-rce/"
},
{
"url": "https://www.greynoise.io/blog/greynoise-intelligence-discovers-zero-day-vulnerabilities-in-live-streaming-cameras-with-the-help-of-ai"
},
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-8957"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-11-04T00:00:00.000Z",
"value": "CVE-2024-8957 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "PT30X-SDI",
"vendor": "PTZOptics",
"versions": [
{
"lessThan": "6.3.40",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PT30X-NDI",
"vendor": "PTZOptics",
"versions": [
{
"lessThan": "6.3.40",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ptzoptics:pt30x-sdi:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.3.40",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ptzoptics:pt30x-ndi-xx-g2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.3.40",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Konstantin Lazarev of GreyNoise"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "PTZOptics PT30X-SDI/NDI-xx before firmware 6.3.40 is vulnerable to an OS command injection issue. The camera does not sufficiently validate the ntp_addr configuration value which may lead to arbitrary command execution when ntp_client is started. When chained with CVE-2024-8956, a remote and unauthenticated attacker can execute arbitrary OS commands on affected devices.\u003cbr\u003e"
}
],
"value": "PTZOptics PT30X-SDI/NDI-xx before firmware 6.3.40 is vulnerable to an OS command injection issue. The camera does not sufficiently validate the ntp_addr configuration value which may lead to arbitrary command execution when ntp_client is started. When chained with CVE-2024-8956, a remote and unauthenticated attacker can execute arbitrary OS commands on affected devices."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-27T16:47:39.385Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://ptzoptics.com/firmware-changelog/"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://vulncheck.com/advisories/ptzoptics-command-injection"
}
],
"source": {
"discovery": "UNKNOWN"
},
"tags": [
"x_known-exploited-vulnerability"
],
"title": "PTZOptics NDI and SDI Cameras Command Injection via NTP Address Configuration",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2024-8957",
"datePublished": "2024-09-17T20:08:25.588Z",
"dateReserved": "2024-09-17T19:08:48.129Z",
"dateUpdated": "2025-12-27T16:47:39.385Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"cisa_known_exploited": {
"cveID": "CVE-2024-8957",
"cwes": "[\"CWE-78\"]",
"dateAdded": "2024-11-04",
"dueDate": "2024-11-25",
"knownRansomwareCampaignUse": "Unknown",
"notes": "https://ptzoptics.com/firmware-changelog/ ; https://nvd.nist.gov/vuln/detail/CVE-2024-8957",
"product": "PT30X-SDI/NDI Cameras",
"requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
"shortDescription": "PTZOptics PT30X-SDI/NDI cameras contain an OS command injection vulnerability that allows a remote, authenticated attacker to escalate privileges to root via a crafted payload with the ntp_addr parameter of the /cgi-bin/param.cgi CGI script. ",
"vendorProject": "PTZOptics",
"vulnerabilityName": "PTZOptics PT30X-SDI/NDI Cameras OS Command Injection Vulnerability"
},
"epss": {
"cve": "CVE-2024-8957",
"date": "2026-05-29",
"epss": "0.55516",
"percentile": "0.98114"
},
"fkie_nvd": {
"cisaActionDue": "2024-11-25",
"cisaExploitAdd": "2024-11-04",
"cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
"cisaVulnerabilityName": "PTZOptics PT30X-SDI/NDI Cameras OS Command Injection Vulnerability",
"configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:ptzoptics:pt30x-sdi_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"6.3.40\", \"matchCriteriaId\": \"604C6EEF-4273-4366-AFF2-86C3183F545D\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:ptzoptics:pt30x-sdi:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7462D89D-2105-417F-AB0E-D23C288156C8\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:ptzoptics:pt30x-ndi-xx-g2_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"6.3.40\", \"matchCriteriaId\": \"B410E242-DFEE-449D-9687-6F4D0BEB8F63\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:ptzoptics:pt30x-ndi-xx-g2:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C8F75E95-D59D-45D4-B798-D0493642F53E\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"PTZOptics PT30X-SDI/NDI-xx before firmware 6.3.40 is vulnerable to an OS command injection issue. The camera does not sufficiently validate the ntp_addr configuration value which may lead to arbitrary command execution when ntp_client is started. When chained with CVE-2024-8956, a remote and unauthenticated attacker can execute arbitrary OS commands on affected devices.\"}, {\"lang\": \"es\", \"value\": \"PTZOptics PT30X-SDI/NDI-xx anterior al firmware 6.3.40 es vulnerable a un problema de inyecci\\u00f3n de comandos del sistema operativo. La c\\u00e1mara no valida suficientemente el valor de configuraci\\u00f3n ntp_addr, lo que puede provocar la ejecuci\\u00f3n de comandos arbitrarios cuando se inicia ntp_client. Cuando se combina con CVE-2024-8956, un atacante remoto y no autenticado puede ejecutar comandos arbitrarios del sistema operativo en los dispositivos afectados.\"}]",
"id": "CVE-2024-8957",
"lastModified": "2024-11-05T02:00:01.697",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"disclosure@vulncheck.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 7.2, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.2, \"impactScore\": 5.9}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}]}",
"published": "2024-09-17T21:15:13.423",
"references": "[{\"url\": \"https://ptzoptics.com/firmware-changelog/\", \"source\": \"disclosure@vulncheck.com\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://vulncheck.com/advisories/ptzoptics-command-injection\", \"source\": \"disclosure@vulncheck.com\", \"tags\": [\"Third Party Advisory\"]}]",
"sourceIdentifier": "disclosure@vulncheck.com",
"vulnStatus": "Analyzed",
"weaknesses": "[{\"source\": \"disclosure@vulncheck.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-78\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-78\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-8957\",\"sourceIdentifier\":\"disclosure@vulncheck.com\",\"published\":\"2024-09-17T21:15:13.423\",\"lastModified\":\"2025-10-27T16:59:44.983\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"PTZOptics PT30X-SDI/NDI-xx before firmware 6.3.40 is vulnerable to an OS command injection issue. The camera does not sufficiently validate the ntp_addr configuration value which may lead to arbitrary command execution when ntp_client is started. When chained with CVE-2024-8956, a remote and unauthenticated attacker can execute arbitrary OS commands on affected devices.\"},{\"lang\":\"es\",\"value\":\"PTZOptics PT30X-SDI/NDI-xx anterior al firmware 6.3.40 es vulnerable a un problema de inyecci\u00f3n de comandos del sistema operativo. La c\u00e1mara no valida suficientemente el valor de configuraci\u00f3n ntp_addr, lo que puede provocar la ejecuci\u00f3n de comandos arbitrarios cuando se inicia ntp_client. Cuando se combina con CVE-2024-8956, un atacante remoto y no autenticado puede ejecutar comandos arbitrarios del sistema operativo en los dispositivos afectados.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"disclosure@vulncheck.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.2,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.2,\"impactScore\":5.9},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.2,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.2,\"impactScore\":5.9}]},\"cisaExploitAdd\":\"2024-11-04\",\"cisaActionDue\":\"2024-11-25\",\"cisaRequiredAction\":\"Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.\",\"cisaVulnerabilityName\":\"PTZOptics PT30X-SDI/NDI Cameras OS Command Injection Vulnerability\",\"weaknesses\":[{\"source\":\"disclosure@vulncheck.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-78\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-78\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ptzoptics:pt30x-sdi_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"6.3.40\",\"matchCriteriaId\":\"604C6EEF-4273-4366-AFF2-86C3183F545D\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ptzoptics:pt30x-sdi:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7462D89D-2105-417F-AB0E-D23C288156C8\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ptzoptics:pt30x-ndi-xx-g2_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"6.3.40\",\"matchCriteriaId\":\"B410E242-DFEE-449D-9687-6F4D0BEB8F63\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ptzoptics:pt30x-ndi-xx-g2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C8F75E95-D59D-45D4-B798-D0493642F53E\"}]}]}],\"references\":[{\"url\":\"https://ptzoptics.com/firmware-changelog/\",\"source\":\"disclosure@vulncheck.com\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://vulncheck.com/advisories/ptzoptics-command-injection\",\"source\":\"disclosure@vulncheck.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-8957\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"US Government Resource\"]},{\"url\":\"https://www.greynoise.io/blog/greynoise-intelligence-discovers-zero-day-vulnerabilities-in-live-streaming-cameras-with-the-help-of-ai\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.labs.greynoise.io/grimoire/2024-10-31-sift-0-day-rce/\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-8957\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"active\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-09-08T18:25:10.384044Z\"}}}, {\"other\": {\"type\": \"kev\", \"content\": {\"dateAdded\": \"2024-11-04\", \"reference\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-8957\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:o:ptzoptics:pt30x-sdi_firmware:*:*:*:*:*:*:*:*\"], \"vendor\": \"ptzoptics\", \"product\": \"pt30x-sdi_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"6.3.40\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:o:ptzoptics:pt30x-ndi_firmware:*:*:*:*:*:*:*:*\"], \"vendor\": \"ptzoptics\", \"product\": \"pt30x-ndi_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"6.3.40\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unknown\"}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2024-11-04T00:00:00+00:00\", \"value\": \"CVE-2024-8957 added to CISA KEV\"}], \"references\": [{\"url\": \"https://www.labs.greynoise.io/grimoire/2024-10-31-sift-0-day-rce/\", \"tags\": [\"exploit\", \"technical-description\", \"third-party-advisory\"]}, {\"url\": \"https://www.greynoise.io/blog/greynoise-intelligence-discovers-zero-day-vulnerabilities-in-live-streaming-cameras-with-the-help-of-ai\"}, {\"url\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-8957\", \"tags\": [\"government-resource\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-09-18T13:52:31.904Z\"}}], \"cna\": {\"tags\": [\"x_known-exploited-vulnerability\"], \"title\": \"PTZOptics NDI and SDI Cameras Command Injection via NTP Address Configuration\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Konstantin Lazarev of GreyNoise\"}], \"impacts\": [{\"capecId\": \"CAPEC-88\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-88 OS Command Injection\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.2, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"PTZOptics\", \"product\": \"PT30X-SDI\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"6.3.40\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"PTZOptics\", \"product\": \"PT30X-NDI\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"6.3.40\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://ptzoptics.com/firmware-changelog/\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://vulncheck.com/advisories/ptzoptics-command-injection\", \"tags\": [\"third-party-advisory\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"PTZOptics PT30X-SDI/NDI-xx before firmware 6.3.40 is vulnerable to an OS command injection issue. The camera does not sufficiently validate the ntp_addr configuration value which may lead to arbitrary command execution when ntp_client is started. When chained with CVE-2024-8956, a remote and unauthenticated attacker can execute arbitrary OS commands on affected devices.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"PTZOptics PT30X-SDI/NDI-xx before firmware 6.3.40 is vulnerable to an OS command injection issue. The camera does not sufficiently validate the ntp_addr configuration value which may lead to arbitrary command execution when ntp_client is started. When chained with CVE-2024-8956, a remote and unauthenticated attacker can execute arbitrary OS commands on affected devices.\u003cbr\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-78\", \"description\": \"CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)\"}]}], \"cpeApplicability\": [{\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:h:ptzoptics:pt30x-sdi:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.3.40\", \"versionStartIncluding\": \"0\"}], \"operator\": \"OR\"}], \"operator\": \"OR\"}, {\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:h:ptzoptics:pt30x-ndi-xx-g2:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.3.40\", \"versionStartIncluding\": \"0\"}], \"operator\": \"OR\"}], \"operator\": \"OR\"}], \"providerMetadata\": {\"orgId\": \"83251b91-4cc7-4094-a5c7-464a1b83ea10\", \"shortName\": \"VulnCheck\", \"dateUpdated\": \"2025-12-27T16:47:39.385Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-8957\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-12-27T16:47:39.385Z\", \"dateReserved\": \"2024-09-17T19:08:48.129Z\", \"assignerOrgId\": \"83251b91-4cc7-4094-a5c7-464a1b83ea10\", \"datePublished\": \"2024-09-17T20:08:25.588Z\", \"assignerShortName\": \"VulnCheck\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
Title
Уязвимость микропрограммного обеспечения веб-камер PTZOptics PT30X-SDI/NDI, связанная с непринятием мер по нейтрализации специальных элементов, используемых в команде операционной системы, позволяющая нарушителю выполнить произвольный код
Description
Уязвимость микропрограммного обеспечения веб-камер PTZOptics PT30X-SDI/NDI связана с непринятием мер по нейтрализации специальных элементов, используемых в команде операционной системы. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, выполнить произвольный код путём отправки специально сформированного запроса с параметром ntp_addr CGI-скрипта /cgi-bin/param.cgi
Severity
Vendor
PTZOptics
Software Name
PT30X-SDI, PT30X-NDI-xx-G2
Software Version
до 6.3.40 (PT30X-SDI), до 6.3.40 (PT30X-NDI-xx-G2)
Possible Mitigations
Установка обновлений из доверенных источников.
В связи со сложившейся обстановкой и введенными санкциями против Российской Федерации рекомендуется устанавливать обновления программного обеспечения только после оценки всех сопутствующих рисков.
Компенсирующие меры:
- использование средств межсетевого экранирования для ограничения возможности удалённого доступа к уязвимым устройствам;
- ограничение доступа к устройствам из внешних сетей (Интернет);
- использование систем обнаружения и предотвращения вторжений с целью выявления и реагирования на попытки эксплуатации уязвимости при выполнении CGI-скриптов;
- использование виртуальных частных сетей для организации удаленного доступа (VPN).
Использование рекомендаций:
https://ptzoptics.com/firmware-changelog/
Reference
https://ptzoptics.com/firmware-changelog/
https://www.labs.greynoise.io/grimoire/2024-10-31-sift-0-day-rce/
https://vulncheck.com/advisories/ptzoptics-command-injection
https://www.fortinet.com/blog/threat-research/growing-threat-of-malware-concealed-behind-cloud-services
https://www.cisa.gov/known-exploited-vulnerabilities-catalog
CWE
CWE-78
{
"CVSS 2.0": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "PTZOptics",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u0434\u043e 6.3.40 (PT30X-SDI), \u0434\u043e 6.3.40 (PT30X-NDI-xx-G2)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0423\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0439 \u0438\u0437 \u0434\u043e\u0432\u0435\u0440\u0435\u043d\u043d\u044b\u0445 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u043e\u0432.\n\u0412 \u0441\u0432\u044f\u0437\u0438 \u0441\u043e \u0441\u043b\u043e\u0436\u0438\u0432\u0448\u0435\u0439\u0441\u044f \u043e\u0431\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u043e\u0439 \u0438 \u0432\u0432\u0435\u0434\u0435\u043d\u043d\u044b\u043c\u0438 \u0441\u0430\u043d\u043a\u0446\u0438\u044f\u043c\u0438 \u043f\u0440\u043e\u0442\u0438\u0432 \u0420\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u043e\u0439 \u0424\u0435\u0434\u0435\u0440\u0430\u0446\u0438\u0438 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u0443\u0441\u0442\u0430\u043d\u0430\u0432\u043b\u0438\u0432\u0430\u0442\u044c \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0442\u043e\u043b\u044c\u043a\u043e \u043f\u043e\u0441\u043b\u0435 \u043e\u0446\u0435\u043d\u043a\u0438 \u0432\u0441\u0435\u0445 \u0441\u043e\u043f\u0443\u0442\u0441\u0442\u0432\u0443\u044e\u0449\u0438\u0445 \u0440\u0438\u0441\u043a\u043e\u0432.\n\n\u041a\u043e\u043c\u043f\u0435\u043d\u0441\u0438\u0440\u0443\u044e\u0449\u0438\u0435 \u043c\u0435\u0440\u044b:\n- \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432 \u043c\u0435\u0436\u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u044d\u043a\u0440\u0430\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0434\u043b\u044f \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u044f \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u0438 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e\u0433\u043e \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u043c \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430\u043c;\n- \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u0435 \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430\u043c \u0438\u0437 \u0432\u043d\u0435\u0448\u043d\u0438\u0445 \u0441\u0435\u0442\u0435\u0439 (\u0418\u043d\u0442\u0435\u0440\u043d\u0435\u0442);\n- \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0438\u044f \u0438 \u043f\u0440\u0435\u0434\u043e\u0442\u0432\u0440\u0430\u0449\u0435\u043d\u0438\u044f \u0432\u0442\u043e\u0440\u0436\u0435\u043d\u0438\u0439 \u0441 \u0446\u0435\u043b\u044c\u044e \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f \u0438 \u0440\u0435\u0430\u0433\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u043d\u0430 \u043f\u043e\u043f\u044b\u0442\u043a\u0438 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043f\u0440\u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0438 CGI-\u0441\u043a\u0440\u0438\u043f\u0442\u043e\u0432;\n- \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u044b\u0445 \u0447\u0430\u0441\u0442\u043d\u044b\u0445 \u0441\u0435\u0442\u0435\u0439 \u0434\u043b\u044f \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u0438 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0434\u043e\u0441\u0442\u0443\u043f\u0430 (VPN). \n\n\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://ptzoptics.com/firmware-changelog/",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "17.09.2024",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "06.11.2024",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "05.11.2024",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2024-08954",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2024-8957",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "PT30X-SDI, PT30X-NDI-xx-G2",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u0438\u043a\u0440\u043e\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0432\u0435\u0431-\u043a\u0430\u043c\u0435\u0440 PTZOptics PT30X-SDI/NDI, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043d\u0435\u043f\u0440\u0438\u043d\u044f\u0442\u0438\u0435\u043c \u043c\u0435\u0440 \u043f\u043e \u043d\u0435\u0439\u0442\u0440\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0445 \u044d\u043b\u0435\u043c\u0435\u043d\u0442\u043e\u0432, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u044b\u0445 \u0432 \u043a\u043e\u043c\u0430\u043d\u0434\u0435 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0432 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u0435",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043f\u0440\u0438\u043d\u044f\u0442\u0438\u0435 \u043c\u0435\u0440 \u043f\u043e \u043d\u0435\u0439\u0442\u0440\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0445 \u044d\u043b\u0435\u043c\u0435\u043d\u0442\u043e\u0432, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u044b\u0445 \u0432 \u043a\u043e\u043c\u0430\u043d\u0434\u0435 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b (\u0412\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u0435 \u0432 \u043a\u043e\u043c\u0430\u043d\u0434\u0443 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b) (CWE-78)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u0438\u043a\u0440\u043e\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0432\u0435\u0431-\u043a\u0430\u043c\u0435\u0440 PTZOptics PT30X-SDI/NDI \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u043f\u0440\u0438\u043d\u044f\u0442\u0438\u0435\u043c \u043c\u0435\u0440 \u043f\u043e \u043d\u0435\u0439\u0442\u0440\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0445 \u044d\u043b\u0435\u043c\u0435\u043d\u0442\u043e\u0432, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u044b\u0445 \u0432 \u043a\u043e\u043c\u0430\u043d\u0434\u0435 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434 \u043f\u0443\u0442\u0451\u043c \u043e\u0442\u043f\u0440\u0430\u0432\u043a\u0438 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u0444\u043e\u0440\u043c\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0433\u043e \u0437\u0430\u043f\u0440\u043e\u0441\u0430 \u0441 \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440\u043e\u043c ntp_addr CGI-\u0441\u043a\u0440\u0438\u043f\u0442\u0430 /cgi-bin/param.cgi",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u0418\u043d\u044a\u0435\u043a\u0446\u0438\u044f",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://ptzoptics.com/firmware-changelog/\nhttps://www.labs.greynoise.io/grimoire/2024-10-31-sift-0-day-rce/\nhttps://vulncheck.com/advisories/ptzoptics-command-injection\nhttps://www.fortinet.com/blog/threat-research/growing-threat-of-malware-concealed-behind-cloud-services\nhttps://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041f\u041e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-78",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 10)\n\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 9,8)"
}
FKIE_CVE-2024-8957
Vulnerability from fkie_nvd - Published: 2024-09-17 21:15 - Updated: 2025-10-27 16:59
Severity
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
PTZOptics PT30X-SDI/NDI-xx before firmware 6.3.40 is vulnerable to an OS command injection issue. The camera does not sufficiently validate the ntp_addr configuration value which may lead to arbitrary command execution when ntp_client is started. When chained with CVE-2024-8956, a remote and unauthenticated attacker can execute arbitrary OS commands on affected devices.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ptzoptics | pt30x-sdi_firmware | * | |
| ptzoptics | pt30x-sdi | - | |
| ptzoptics | pt30x-ndi-xx-g2_firmware | * | |
| ptzoptics | pt30x-ndi-xx-g2 | - |
{
"cisaActionDue": "2024-11-25",
"cisaExploitAdd": "2024-11-04",
"cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
"cisaVulnerabilityName": "PTZOptics PT30X-SDI/NDI Cameras OS Command Injection Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ptzoptics:pt30x-sdi_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "604C6EEF-4273-4366-AFF2-86C3183F545D",
"versionEndExcluding": "6.3.40",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ptzoptics:pt30x-sdi:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7462D89D-2105-417F-AB0E-D23C288156C8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ptzoptics:pt30x-ndi-xx-g2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B410E242-DFEE-449D-9687-6F4D0BEB8F63",
"versionEndExcluding": "6.3.40",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ptzoptics:pt30x-ndi-xx-g2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C8F75E95-D59D-45D4-B798-D0493642F53E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "PTZOptics PT30X-SDI/NDI-xx before firmware 6.3.40 is vulnerable to an OS command injection issue. The camera does not sufficiently validate the ntp_addr configuration value which may lead to arbitrary command execution when ntp_client is started. When chained with CVE-2024-8956, a remote and unauthenticated attacker can execute arbitrary OS commands on affected devices."
},
{
"lang": "es",
"value": "PTZOptics PT30X-SDI/NDI-xx anterior al firmware 6.3.40 es vulnerable a un problema de inyecci\u00f3n de comandos del sistema operativo. La c\u00e1mara no valida suficientemente el valor de configuraci\u00f3n ntp_addr, lo que puede provocar la ejecuci\u00f3n de comandos arbitrarios cuando se inicia ntp_client. Cuando se combina con CVE-2024-8956, un atacante remoto y no autenticado puede ejecutar comandos arbitrarios del sistema operativo en los dispositivos afectados."
}
],
"id": "CVE-2024-8957",
"lastModified": "2025-10-27T16:59:44.983",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "disclosure@vulncheck.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-09-17T21:15:13.423",
"references": [
{
"source": "disclosure@vulncheck.com",
"tags": [
"Release Notes"
],
"url": "https://ptzoptics.com/firmware-changelog/"
},
{
"source": "disclosure@vulncheck.com",
"tags": [
"Third Party Advisory"
],
"url": "https://vulncheck.com/advisories/ptzoptics-command-injection"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"US Government Resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-8957"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Third Party Advisory"
],
"url": "https://www.greynoise.io/blog/greynoise-intelligence-discovers-zero-day-vulnerabilities-in-live-streaming-cameras-with-the-help-of-ai"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.labs.greynoise.io/grimoire/2024-10-31-sift-0-day-rce/"
}
],
"sourceIdentifier": "disclosure@vulncheck.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "disclosure@vulncheck.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-9CX9-7V8G-H36V
Vulnerability from github – Published: 2024-09-17 21:30 – Updated: 2025-10-22 00:33
VLAI
Details
PTZOptics PT30X-SDI/NDI-xx before firmware 6.3.40 is vulnerable to an OS command injection issue. The camera does not sufficiently validate the ntp_addr configuration value which may lead to arbitrary command execution when ntp_client is started. When chained with CVE-2024-8956, a remote and unauthenticated attacker can execute arbitrary OS commands on affected devices.
Severity
7.2 (High)
{
"affected": [],
"aliases": [
"CVE-2024-8957"
],
"database_specific": {
"cwe_ids": [
"CWE-78"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-09-17T21:15:13Z",
"severity": "HIGH"
},
"details": "PTZOptics PT30X-SDI/NDI-xx before firmware 6.3.40 is vulnerable to an OS command injection issue. The camera does not sufficiently validate the ntp_addr configuration value which may lead to arbitrary command execution when ntp_client is started. When chained with CVE-2024-8956, a remote and unauthenticated attacker can execute arbitrary OS commands on affected devices.",
"id": "GHSA-9cx9-7v8g-h36v",
"modified": "2025-10-22T00:33:06Z",
"published": "2024-09-17T21:30:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8957"
},
{
"type": "WEB",
"url": "https://ptzoptics.com/firmware-changelog"
},
{
"type": "WEB",
"url": "https://vulncheck.com/advisories/ptzoptics-command-injection"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-8957"
},
{
"type": "WEB",
"url": "https://www.greynoise.io/blog/greynoise-intelligence-discovers-zero-day-vulnerabilities-in-live-streaming-cameras-with-the-help-of-ai"
},
{
"type": "WEB",
"url": "https://www.labs.greynoise.io/grimoire/2024-10-31-sift-0-day-rce"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
ICSA-25-162-10
Vulnerability from csaf_cisa - Published: 2025-06-12 06:00 - Updated: 2025-06-12 06:00Summary
PTZOptics and Other Pan-Tilt-Zoom Cameras
Notes
Legal Notice: All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
Risk evaluation: Successful exploitation of these vulnerabilities could allow an attacker to leak sensitive data, execute arbitrary commands, and access the admin web interface using hard-coded credentials.
Critical infrastructure sectors: Commercial Facilities, Critical Manufacturing, Government Services and Facilities, Healthcare and Public Health
Countries/areas deployed: Worldwide
Company headquarters location: PTZOptics - United States; multiCAM Systems - United States; ValueHD - China; SMTAV - China
Recommended Practices: CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:
Recommended Practices: Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.
Recommended Practices: Locate control system networks and remote devices behind firewalls and isolating them from business networks.
Recommended Practices: When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs). Recognize VPNs may have vulnerabilities, should be updated to the most recent version available, and are only as secure as the connected devices.
Recommended Practices: CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
Recommended Practices: CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices: CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.
Recommended Practices: Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Recommended Practices: Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
Recommended Practices: No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time.
9.1 (Critical)
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
ValueHD, PTZOptics, multiCAM Systems, SMTAV PTZOptics PTZOptics VL Fixed Camera/NDI Fixed Camera: <=7.2.94
ValueHD, PTZOptics, multiCAM Systems, SMTAV / PTZOptics PTZOptics VL Fixed Camera/NDI Fixed Camera
|
<=7.2.94 |
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ValueHD, PTZOptics, multiCAM Systems, SMTAV SMTAV Pan-Tilt-Zoom Cameras: vers:all/*
ValueHD, PTZOptics, multiCAM Systems, SMTAV / SMTAV Pan-Tilt-Zoom Cameras
|
vers:all/* |
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ValueHD, PTZOptics, multiCAM Systems, SMTAV multiCAM Systems Pan-Tilt-Zoom Cameras: vers:all/*
ValueHD, PTZOptics, multiCAM Systems, SMTAV / multiCAM Systems Pan-Tilt-Zoom Cameras
|
vers:all/* |
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ValueHD, PTZOptics, multiCAM Systems, SMTAV ValueHD Pan-Tilt-Zoom Cameras: vers:all/*
ValueHD, PTZOptics, multiCAM Systems, SMTAV / ValueHD Pan-Tilt-Zoom Cameras
|
vers:all/* |
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
7.2 (High)
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
ValueHD, PTZOptics, multiCAM Systems, SMTAV PTZOptics PTZOptics VL Fixed Camera/NDI Fixed Camera: <=7.2.94
ValueHD, PTZOptics, multiCAM Systems, SMTAV / PTZOptics PTZOptics VL Fixed Camera/NDI Fixed Camera
|
<=7.2.94 |
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ValueHD, PTZOptics, multiCAM Systems, SMTAV SMTAV Pan-Tilt-Zoom Cameras: vers:all/*
ValueHD, PTZOptics, multiCAM Systems, SMTAV / SMTAV Pan-Tilt-Zoom Cameras
|
vers:all/* |
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ValueHD, PTZOptics, multiCAM Systems, SMTAV multiCAM Systems Pan-Tilt-Zoom Cameras: vers:all/*
ValueHD, PTZOptics, multiCAM Systems, SMTAV / multiCAM Systems Pan-Tilt-Zoom Cameras
|
vers:all/* |
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ValueHD, PTZOptics, multiCAM Systems, SMTAV ValueHD Pan-Tilt-Zoom Cameras: vers:all/*
ValueHD, PTZOptics, multiCAM Systems, SMTAV / ValueHD Pan-Tilt-Zoom Cameras
|
vers:all/* |
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
9.8 (Critical)
Affected products
Known affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
ValueHD, PTZOptics, multiCAM Systems, SMTAV PTZOptics PT12X-SDI-xx-G2: <=6.3.34
ValueHD, PTZOptics, multiCAM Systems, SMTAV / PTZOptics PT12X-SDI-xx-G2
|
<=6.3.34 |
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ValueHD, PTZOptics, multiCAM Systems, SMTAV PTZOptics PT12X-NDI-xx: <=6.3.34
ValueHD, PTZOptics, multiCAM Systems, SMTAV / PTZOptics PT12X-NDI-xx
|
<=6.3.34 |
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ValueHD, PTZOptics, multiCAM Systems, SMTAV PTZOptics PT12X-USB-xx-G2: <=6.2.81
ValueHD, PTZOptics, multiCAM Systems, SMTAV / PTZOptics PT12X-USB-xx-G2
|
<=6.2.81 |
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ValueHD, PTZOptics, multiCAM Systems, SMTAV PTZOptics PT20X-SDI-xx-G2: <=6.3.20
ValueHD, PTZOptics, multiCAM Systems, SMTAV / PTZOptics PT20X-SDI-xx-G2
|
<=6.3.20 |
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ValueHD, PTZOptics, multiCAM Systems, SMTAV PTZOptics PT20X-NDI-xx: <=6.3.20
ValueHD, PTZOptics, multiCAM Systems, SMTAV / PTZOptics PT20X-NDI-xx
|
<=6.3.20 |
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ValueHD, PTZOptics, multiCAM Systems, SMTAV PTZOptics PT20X-USB-xx-G2: <=6.2.73
ValueHD, PTZOptics, multiCAM Systems, SMTAV / PTZOptics PT20X-USB-xx-G2
|
<=6.2.73 |
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ValueHD, PTZOptics, multiCAM Systems, SMTAV PTZOptics PT30X-SDI-xx-G2: <=6.3.30
ValueHD, PTZOptics, multiCAM Systems, SMTAV / PTZOptics PT30X-SDI-xx-G2
|
<=6.3.30 |
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ValueHD, PTZOptics, multiCAM Systems, SMTAV PTZOptics PT30X-NDI-xx: <=6.3.30
ValueHD, PTZOptics, multiCAM Systems, SMTAV / PTZOptics PT30X-NDI-xx
|
<=6.3.30 |
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ValueHD, PTZOptics, multiCAM Systems, SMTAV PTZOptics PT12X-ZCAM: <=7.2.76
ValueHD, PTZOptics, multiCAM Systems, SMTAV / PTZOptics PT12X-ZCAM
|
<=7.2.76 |
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ValueHD, PTZOptics, multiCAM Systems, SMTAV PTZOptics PT20X-ZCAM: <=7.2.82
ValueHD, PTZOptics, multiCAM Systems, SMTAV / PTZOptics PT20X-ZCAM
|
<=7.2.82 |
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ValueHD, PTZOptics, multiCAM Systems, SMTAV PTZOptics PTVL-ZCAM: <=7.2.79
ValueHD, PTZOptics, multiCAM Systems, SMTAV / PTZOptics PTVL-ZCAM
|
<=7.2.79 |
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ValueHD, PTZOptics, multiCAM Systems, SMTAV PTZOptics PTEPTZ-ZCAM-G2: <=8.1.81
ValueHD, PTZOptics, multiCAM Systems, SMTAV / PTZOptics PTEPTZ-ZCAM-G2
|
<=8.1.81 |
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ValueHD, PTZOptics, multiCAM Systems, SMTAV PTZOptics PTEPTZ-NDI-ZCAM-G2: <=8.1.81
ValueHD, PTZOptics, multiCAM Systems, SMTAV / PTZOptics PTEPTZ-NDI-ZCAM-G2
|
<=8.1.81 |
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ValueHD, PTZOptics, multiCAM Systems, SMTAV PTZOptics PTZOptics VL Fixed Camera/NDI Fixed Camera: <=7.2.94
ValueHD, PTZOptics, multiCAM Systems, SMTAV / PTZOptics PTZOptics VL Fixed Camera/NDI Fixed Camera
|
<=7.2.94 |
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ValueHD, PTZOptics, multiCAM Systems, SMTAV SMTAV Pan-Tilt-Zoom Cameras: vers:all/*
ValueHD, PTZOptics, multiCAM Systems, SMTAV / SMTAV Pan-Tilt-Zoom Cameras
|
vers:all/* |
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ValueHD, PTZOptics, multiCAM Systems, SMTAV multiCAM Systems Pan-Tilt-Zoom Cameras: vers:all/*
ValueHD, PTZOptics, multiCAM Systems, SMTAV / multiCAM Systems Pan-Tilt-Zoom Cameras
|
vers:all/* |
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ValueHD, PTZOptics, multiCAM Systems, SMTAV ValueHD Pan-Tilt-Zoom Cameras: vers:all/*
ValueHD, PTZOptics, multiCAM Systems, SMTAV / ValueHD Pan-Tilt-Zoom Cameras
|
vers:all/* |
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
9.8 (Critical)
Affected products
Known affected
26 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
ValueHD, PTZOptics, multiCAM Systems, SMTAV PTZOptics PT12X-SDI-xx-G2: vers:all/*
ValueHD, PTZOptics, multiCAM Systems, SMTAV / PTZOptics PT12X-SDI-xx-G2
|
vers:all/* |
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ValueHD, PTZOptics, multiCAM Systems, SMTAV PTZOptics PT12X-NDI-xx: vers:all/*
ValueHD, PTZOptics, multiCAM Systems, SMTAV / PTZOptics PT12X-NDI-xx
|
vers:all/* |
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ValueHD, PTZOptics, multiCAM Systems, SMTAV PTZOptics PT12X-USB-xx-G2: vers:all/*
ValueHD, PTZOptics, multiCAM Systems, SMTAV / PTZOptics PT12X-USB-xx-G2
|
vers:all/* |
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ValueHD, PTZOptics, multiCAM Systems, SMTAV PTZOptics PT20X-SDI-xx-G2: vers:all/*
ValueHD, PTZOptics, multiCAM Systems, SMTAV / PTZOptics PT20X-SDI-xx-G2
|
vers:all/* |
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ValueHD, PTZOptics, multiCAM Systems, SMTAV PTZOpticsPT20X-NDI-xx: vers:all/*
ValueHD, PTZOptics, multiCAM Systems, SMTAV / PTZOpticsPT20X-NDI-xx
|
vers:all/* |
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ValueHD, PTZOptics, multiCAM Systems, SMTAV PTZOptics PT20X-USB-xx-G2: vers:all/*
ValueHD, PTZOptics, multiCAM Systems, SMTAV / PTZOptics PT20X-USB-xx-G2
|
vers:all/* |
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ValueHD, PTZOptics, multiCAM Systems, SMTAV PTZOptics PT30X-SDI-xx-G2: vers:all/*
ValueHD, PTZOptics, multiCAM Systems, SMTAV / PTZOptics PT30X-SDI-xx-G2
|
vers:all/* |
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ValueHD, PTZOptics, multiCAM Systems, SMTAV PTZOptics PT30X-NDI-xx: vers:all/*
ValueHD, PTZOptics, multiCAM Systems, SMTAV / PTZOptics PT30X-NDI-xx
|
vers:all/* |
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ValueHD, PTZOptics, multiCAM Systems, SMTAV PTZOptics PT12X-ZCAM: vers:all/*
ValueHD, PTZOptics, multiCAM Systems, SMTAV / PTZOptics PT12X-ZCAM
|
vers:all/* |
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ValueHD, PTZOptics, multiCAM Systems, SMTAV PTZOptics PT20X-ZCAM: vers:all/*
ValueHD, PTZOptics, multiCAM Systems, SMTAV / PTZOptics PT20X-ZCAM
|
vers:all/* |
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ValueHD, PTZOptics, multiCAM Systems, SMTAV PTZOptics PTVL-ZCAM: vers:all/*
ValueHD, PTZOptics, multiCAM Systems, SMTAV / PTZOptics PTVL-ZCAM
|
vers:all/* |
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ValueHD, PTZOptics, multiCAM Systems, SMTAV PTZOptics PTEPTZ-ZCAM-G2: vers:all/*
ValueHD, PTZOptics, multiCAM Systems, SMTAV / PTZOptics PTEPTZ-ZCAM-G2
|
vers:all/* |
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ValueHD, PTZOptics, multiCAM Systems, SMTAV PTZOptics PT12X-4K-xx-G3: <=0.0.58
ValueHD, PTZOptics, multiCAM Systems, SMTAV / PTZOptics PT12X-4K-xx-G3
|
<=0.0.58 |
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ValueHD, PTZOptics, multiCAM Systems, SMTAV PTZOptics PT20X-4K-xx-G3: <=0.0.85
ValueHD, PTZOptics, multiCAM Systems, SMTAV / PTZOptics PT20X-4K-xx-G3
|
<=0.0.85 |
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ValueHD, PTZOptics, multiCAM Systems, SMTAV PTZOptics PT30X-4K-xx-G3: <=2.0.64
ValueHD, PTZOptics, multiCAM Systems, SMTAV / PTZOptics PT30X-4K-xx-G3
|
<=2.0.64 |
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ValueHD, PTZOptics, multiCAM Systems, SMTAV PTZOptics PT12X-LINK-4K-xx: <=0.0.63
ValueHD, PTZOptics, multiCAM Systems, SMTAV / PTZOptics PT12X-LINK-4K-xx
|
<=0.0.63 |
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ValueHD, PTZOptics, multiCAM Systems, SMTAV PTZOptics PT20X-LINK-4K-xx: <=0.0.89
ValueHD, PTZOptics, multiCAM Systems, SMTAV / PTZOptics PT20X-LINK-4K-xx
|
<=0.0.89 |
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ValueHD, PTZOptics, multiCAM Systems, SMTAV PTZOptics PT30X-LINK-4K-xx: <=2.0.71
ValueHD, PTZOptics, multiCAM Systems, SMTAV / PTZOptics PT30X-LINK-4K-xx
|
<=2.0.71 |
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ValueHD, PTZOptics, multiCAM Systems, SMTAV PTZOptics PT12X-SE-xx-G3: <=9.1.43
ValueHD, PTZOptics, multiCAM Systems, SMTAV / PTZOptics PT12X-SE-xx-G3
|
<=9.1.43 |
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ValueHD, PTZOptics, multiCAM Systems, SMTAV PTZOptics PT20X-SE-xx-G3: <=9.1.32
ValueHD, PTZOptics, multiCAM Systems, SMTAV / PTZOptics PT20X-SE-xx-G3
|
<=9.1.32 |
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ValueHD, PTZOptics, multiCAM Systems, SMTAV PTZOptics PT30X-SE-xx-G3: <=9.1.33
ValueHD, PTZOptics, multiCAM Systems, SMTAV / PTZOptics PT30X-SE-xx-G3
|
<=9.1.33 |
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ValueHD, PTZOptics, multiCAM Systems, SMTAV PTZOptics PT-STUDIOPRO: <=9.0.41
ValueHD, PTZOptics, multiCAM Systems, SMTAV / PTZOptics PT-STUDIOPRO
|
<=9.0.41 |
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ValueHD, PTZOptics, multiCAM Systems, SMTAV PTZOptics PTZOptics VL Fixed Camera/NDI Fixed Camera: <=7.2.94
ValueHD, PTZOptics, multiCAM Systems, SMTAV / PTZOptics PTZOptics VL Fixed Camera/NDI Fixed Camera
|
<=7.2.94 |
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ValueHD, PTZOptics, multiCAM Systems, SMTAV SMTAV Pan-Tilt-Zoom Cameras: vers:all/*
ValueHD, PTZOptics, multiCAM Systems, SMTAV / SMTAV Pan-Tilt-Zoom Cameras
|
vers:all/* |
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ValueHD, PTZOptics, multiCAM Systems, SMTAV multiCAM Systems Pan-Tilt-Zoom Cameras: vers:all/*
ValueHD, PTZOptics, multiCAM Systems, SMTAV / multiCAM Systems Pan-Tilt-Zoom Cameras
|
vers:all/* |
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ValueHD, PTZOptics, multiCAM Systems, SMTAV ValueHD Pan-Tilt-Zoom Cameras: vers:all/*
ValueHD, PTZOptics, multiCAM Systems, SMTAV / ValueHD Pan-Tilt-Zoom Cameras
|
vers:all/* |
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
References
20 references
Acknowledgments
an anonymous researcher
{
"document": {
"acknowledgments": [
{
"names": [
"an anonymous researcher"
],
"summary": "reporting these vulnerabilities to CISA"
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://us-cert.cisa.gov/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "legal_disclaimer",
"text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
"title": "Legal Notice"
},
{
"category": "summary",
"text": "Successful exploitation of these vulnerabilities could allow an attacker to leak sensitive data, execute arbitrary commands, and access the admin web interface using hard-coded credentials. ",
"title": "Risk evaluation"
},
{
"category": "other",
"text": "Commercial Facilities, Critical Manufacturing, Government Services and Facilities, Healthcare and Public Health",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "PTZOptics - United States; multiCAM Systems - United States; ValueHD - China; SMTAV - China",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Locate control system networks and remote devices behind firewalls and isolating them from business networks.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs). Recognize VPNs may have vulnerabilities, should be updated to the most recent version available, and are only as secure as the connected devices.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time.",
"title": "Recommended Practices"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "central@cisa.dhs.gov",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "ICS Advisory ICSA-25-162-10 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2025/icsa-25-162-10.json"
},
{
"category": "self",
"summary": "ICSA Advisory ICSA-25-162-10 - Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-162-10"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/topics/industrial-control-systems"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/sites/default/files/publications/emailscams0905.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ncas/tips/ST04-014"
}
],
"title": "PTZOptics and Other Pan-Tilt-Zoom Cameras",
"tracking": {
"current_release_date": "2025-06-12T06:00:00.000000Z",
"generator": {
"date": "2025-06-12T14:40:48.605025Z",
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSA-25-162-10",
"initial_release_date": "2025-06-12T06:00:00.000000Z",
"revision_history": [
{
"date": "2025-06-12T06:00:00.000000Z",
"legacy_version": "Initial",
"number": "1",
"summary": "Initial Publication"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=6.3.34",
"product": {
"name": "ValueHD, PTZOptics, multiCAM Systems, SMTAV PTZOptics PT12X-SDI-xx-G2: \u003c=6.3.34",
"product_id": "CSAFPID-0001"
}
}
],
"category": "product_name",
"name": "PTZOptics PT12X-SDI-xx-G2"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=6.3.34",
"product": {
"name": "ValueHD, PTZOptics, multiCAM Systems, SMTAV PTZOptics PT12X-NDI-xx: \u003c=6.3.34",
"product_id": "CSAFPID-0002"
}
}
],
"category": "product_name",
"name": "PTZOptics PT12X-NDI-xx"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=6.2.81",
"product": {
"name": "ValueHD, PTZOptics, multiCAM Systems, SMTAV PTZOptics PT12X-USB-xx-G2: \u003c=6.2.81",
"product_id": "CSAFPID-0003"
}
}
],
"category": "product_name",
"name": "PTZOptics PT12X-USB-xx-G2"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=6.3.20",
"product": {
"name": "ValueHD, PTZOptics, multiCAM Systems, SMTAV PTZOptics PT20X-SDI-xx-G2: \u003c=6.3.20",
"product_id": "CSAFPID-0004"
}
}
],
"category": "product_name",
"name": "PTZOptics PT20X-SDI-xx-G2"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=6.3.20",
"product": {
"name": "ValueHD, PTZOptics, multiCAM Systems, SMTAV PTZOptics PT20X-NDI-xx: \u003c=6.3.20",
"product_id": "CSAFPID-0005"
}
}
],
"category": "product_name",
"name": "PTZOptics PT20X-NDI-xx"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=6.2.73",
"product": {
"name": "ValueHD, PTZOptics, multiCAM Systems, SMTAV PTZOptics PT20X-USB-xx-G2: \u003c=6.2.73",
"product_id": "CSAFPID-0006"
}
}
],
"category": "product_name",
"name": "PTZOptics PT20X-USB-xx-G2"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=6.3.30",
"product": {
"name": "ValueHD, PTZOptics, multiCAM Systems, SMTAV PTZOptics PT30X-SDI-xx-G2: \u003c=6.3.30",
"product_id": "CSAFPID-0007"
}
}
],
"category": "product_name",
"name": "PTZOptics PT30X-SDI-xx-G2"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=6.3.30",
"product": {
"name": "ValueHD, PTZOptics, multiCAM Systems, SMTAV PTZOptics PT30X-NDI-xx: \u003c=6.3.30",
"product_id": "CSAFPID-0008"
}
}
],
"category": "product_name",
"name": "PTZOptics PT30X-NDI-xx"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=7.2.76",
"product": {
"name": "ValueHD, PTZOptics, multiCAM Systems, SMTAV PTZOptics PT12X-ZCAM: \u003c=7.2.76",
"product_id": "CSAFPID-0009"
}
}
],
"category": "product_name",
"name": "PTZOptics PT12X-ZCAM"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=7.2.82",
"product": {
"name": "ValueHD, PTZOptics, multiCAM Systems, SMTAV PTZOptics PT20X-ZCAM: \u003c=7.2.82",
"product_id": "CSAFPID-0010"
}
}
],
"category": "product_name",
"name": "PTZOptics PT20X-ZCAM"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=7.2.79",
"product": {
"name": "ValueHD, PTZOptics, multiCAM Systems, SMTAV PTZOptics PTVL-ZCAM: \u003c=7.2.79",
"product_id": "CSAFPID-0011"
}
}
],
"category": "product_name",
"name": "PTZOptics PTVL-ZCAM"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=8.1.81",
"product": {
"name": "ValueHD, PTZOptics, multiCAM Systems, SMTAV PTZOptics PTEPTZ-ZCAM-G2: \u003c=8.1.81",
"product_id": "CSAFPID-0012"
}
}
],
"category": "product_name",
"name": "PTZOptics PTEPTZ-ZCAM-G2"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=8.1.81",
"product": {
"name": "ValueHD, PTZOptics, multiCAM Systems, SMTAV PTZOptics PTEPTZ-NDI-ZCAM-G2: \u003c=8.1.81",
"product_id": "CSAFPID-0013"
}
}
],
"category": "product_name",
"name": "PTZOptics PTEPTZ-NDI-ZCAM-G2"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "ValueHD, PTZOptics, multiCAM Systems, SMTAV PTZOptics PT12X-SDI-xx-G2: vers:all/*",
"product_id": "CSAFPID-0014"
}
}
],
"category": "product_name",
"name": "PTZOptics PT12X-SDI-xx-G2"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "ValueHD, PTZOptics, multiCAM Systems, SMTAV PTZOptics PT12X-NDI-xx: vers:all/*",
"product_id": "CSAFPID-0015"
}
}
],
"category": "product_name",
"name": "PTZOptics PT12X-NDI-xx"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "ValueHD, PTZOptics, multiCAM Systems, SMTAV PTZOptics PT12X-USB-xx-G2: vers:all/*",
"product_id": "CSAFPID-0016"
}
}
],
"category": "product_name",
"name": "PTZOptics PT12X-USB-xx-G2"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "ValueHD, PTZOptics, multiCAM Systems, SMTAV PTZOptics PT20X-SDI-xx-G2: vers:all/*",
"product_id": "CSAFPID-0017"
}
}
],
"category": "product_name",
"name": "PTZOptics PT20X-SDI-xx-G2"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "ValueHD, PTZOptics, multiCAM Systems, SMTAV PTZOpticsPT20X-NDI-xx: vers:all/*",
"product_id": "CSAFPID-0018"
}
}
],
"category": "product_name",
"name": "PTZOpticsPT20X-NDI-xx"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "ValueHD, PTZOptics, multiCAM Systems, SMTAV PTZOptics PT20X-USB-xx-G2: vers:all/*",
"product_id": "CSAFPID-0019"
}
}
],
"category": "product_name",
"name": "PTZOptics PT20X-USB-xx-G2"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "ValueHD, PTZOptics, multiCAM Systems, SMTAV PTZOptics PT30X-SDI-xx-G2: vers:all/*",
"product_id": "CSAFPID-0020"
}
}
],
"category": "product_name",
"name": "PTZOptics PT30X-SDI-xx-G2"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "ValueHD, PTZOptics, multiCAM Systems, SMTAV PTZOptics PT30X-NDI-xx: vers:all/*",
"product_id": "CSAFPID-0021"
}
}
],
"category": "product_name",
"name": "PTZOptics PT30X-NDI-xx"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "ValueHD, PTZOptics, multiCAM Systems, SMTAV PTZOptics PT12X-ZCAM: vers:all/*",
"product_id": "CSAFPID-0022"
}
}
],
"category": "product_name",
"name": "PTZOptics PT12X-ZCAM"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "ValueHD, PTZOptics, multiCAM Systems, SMTAV PTZOptics PT20X-ZCAM: vers:all/*",
"product_id": "CSAFPID-0023"
}
}
],
"category": "product_name",
"name": "PTZOptics PT20X-ZCAM"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "ValueHD, PTZOptics, multiCAM Systems, SMTAV PTZOptics PTVL-ZCAM: vers:all/*",
"product_id": "CSAFPID-0024"
}
}
],
"category": "product_name",
"name": "PTZOptics PTVL-ZCAM"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "ValueHD, PTZOptics, multiCAM Systems, SMTAV PTZOptics PTEPTZ-ZCAM-G2: vers:all/*",
"product_id": "CSAFPID-0025"
}
}
],
"category": "product_name",
"name": "PTZOptics PTEPTZ-ZCAM-G2"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=0.0.58",
"product": {
"name": "ValueHD, PTZOptics, multiCAM Systems, SMTAV PTZOptics PT12X-4K-xx-G3: \u003c=0.0.58",
"product_id": "CSAFPID-0026"
}
}
],
"category": "product_name",
"name": "PTZOptics PT12X-4K-xx-G3"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=0.0.85",
"product": {
"name": "ValueHD, PTZOptics, multiCAM Systems, SMTAV PTZOptics PT20X-4K-xx-G3: \u003c=0.0.85",
"product_id": "CSAFPID-0027"
}
}
],
"category": "product_name",
"name": "PTZOptics PT20X-4K-xx-G3"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=2.0.64",
"product": {
"name": "ValueHD, PTZOptics, multiCAM Systems, SMTAV PTZOptics PT30X-4K-xx-G3: \u003c=2.0.64",
"product_id": "CSAFPID-0028"
}
}
],
"category": "product_name",
"name": "PTZOptics PT30X-4K-xx-G3"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=0.0.63",
"product": {
"name": "ValueHD, PTZOptics, multiCAM Systems, SMTAV PTZOptics PT12X-LINK-4K-xx: \u003c=0.0.63",
"product_id": "CSAFPID-0029"
}
}
],
"category": "product_name",
"name": "PTZOptics PT12X-LINK-4K-xx"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=0.0.89",
"product": {
"name": "ValueHD, PTZOptics, multiCAM Systems, SMTAV PTZOptics PT20X-LINK-4K-xx: \u003c=0.0.89",
"product_id": "CSAFPID-0030"
}
}
],
"category": "product_name",
"name": "PTZOptics PT20X-LINK-4K-xx"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=2.0.71",
"product": {
"name": "ValueHD, PTZOptics, multiCAM Systems, SMTAV PTZOptics PT30X-LINK-4K-xx: \u003c=2.0.71",
"product_id": "CSAFPID-0031"
}
}
],
"category": "product_name",
"name": "PTZOptics PT30X-LINK-4K-xx"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=9.1.43",
"product": {
"name": "ValueHD, PTZOptics, multiCAM Systems, SMTAV PTZOptics PT12X-SE-xx-G3: \u003c=9.1.43",
"product_id": "CSAFPID-0032"
}
}
],
"category": "product_name",
"name": "PTZOptics PT12X-SE-xx-G3"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=9.1.32",
"product": {
"name": "ValueHD, PTZOptics, multiCAM Systems, SMTAV PTZOptics PT20X-SE-xx-G3: \u003c=9.1.32",
"product_id": "CSAFPID-0033"
}
}
],
"category": "product_name",
"name": "PTZOptics PT20X-SE-xx-G3"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=9.1.33",
"product": {
"name": "ValueHD, PTZOptics, multiCAM Systems, SMTAV PTZOptics PT30X-SE-xx-G3: \u003c=9.1.33",
"product_id": "CSAFPID-0034"
}
}
],
"category": "product_name",
"name": "PTZOptics PT30X-SE-xx-G3"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=9.0.41",
"product": {
"name": "ValueHD, PTZOptics, multiCAM Systems, SMTAV PTZOptics PT-STUDIOPRO: \u003c=9.0.41",
"product_id": "CSAFPID-0035"
}
}
],
"category": "product_name",
"name": "PTZOptics PT-STUDIOPRO"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=7.2.94",
"product": {
"name": "ValueHD, PTZOptics, multiCAM Systems, SMTAV PTZOptics PTZOptics VL Fixed Camera/NDI Fixed Camera: \u003c=7.2.94",
"product_id": "CSAFPID-0036"
}
}
],
"category": "product_name",
"name": "PTZOptics PTZOptics VL Fixed Camera/NDI Fixed Camera"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "ValueHD, PTZOptics, multiCAM Systems, SMTAV SMTAV Pan-Tilt-Zoom Cameras: vers:all/*",
"product_id": "CSAFPID-0037"
}
}
],
"category": "product_name",
"name": "SMTAV Pan-Tilt-Zoom Cameras"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "ValueHD, PTZOptics, multiCAM Systems, SMTAV multiCAM Systems Pan-Tilt-Zoom Cameras: vers:all/*",
"product_id": "CSAFPID-0038"
}
}
],
"category": "product_name",
"name": "multiCAM Systems Pan-Tilt-Zoom Cameras"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "ValueHD, PTZOptics, multiCAM Systems, SMTAV ValueHD Pan-Tilt-Zoom Cameras: vers:all/*",
"product_id": "CSAFPID-0039"
}
}
],
"category": "product_name",
"name": "ValueHD Pan-Tilt-Zoom Cameras"
}
],
"category": "vendor",
"name": "ValueHD, PTZOptics, multiCAM Systems, SMTAV"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-8956",
"cwe": {
"id": "CWE-287",
"name": "Improper Authentication"
},
"notes": [
{
"category": "summary",
"text": "PTZOptics PT30X-SDI/NDI-xx before firmware 6.3.40 is vulnerable to an insufficient authentication issue. The camera does not properly enforce authentication to /cgi-bin/param.cgi when requests are sent without an HTTP Authorization header. The result is a remote and unauthenticated attacker can leak sensitive data such as usernames, password hashes, and configurations details. Additionally, the attacker can update individual configuration values or overwrite the whole file.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0036",
"CSAFPID-0037",
"CSAFPID-0038",
"CSAFPID-0039"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8956"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "PTZOptics has provided a fix to the affected versions for the listed CVEs. The fix for each product can be obtained on the PTZOptics Known Vulnerabilities and Fixes site.",
"product_ids": [
"CSAFPID-0036",
"CSAFPID-0037",
"CSAFPID-0038",
"CSAFPID-0039"
],
"url": "https://ptzoptics.com/known-vulnerabilities-and-fixes/"
},
{
"category": "mitigation",
"details": "ValueHD, multiCAM Systems, and SMTAV did not respond to requests for coordination. Please contact the respective companies through the following means for more information:",
"product_ids": [
"CSAFPID-0036",
"CSAFPID-0037",
"CSAFPID-0038",
"CSAFPID-0039"
]
},
{
"category": "mitigation",
"details": "SMTAV Contact Us page.",
"product_ids": [
"CSAFPID-0036",
"CSAFPID-0037",
"CSAFPID-0038",
"CSAFPID-0039"
],
"url": "https://www.smtav.com/pages/about"
},
{
"category": "mitigation",
"details": "multiCAM Systems Contact Us page.",
"product_ids": [
"CSAFPID-0036",
"CSAFPID-0037",
"CSAFPID-0038",
"CSAFPID-0039"
],
"url": "https://www.multicam-systems.com/contact/"
},
{
"category": "mitigation",
"details": "ValueHD Contact Us page.",
"product_ids": [
"CSAFPID-0036",
"CSAFPID-0037",
"CSAFPID-0038",
"CSAFPID-0039"
],
"url": "https://global.vhd.com.cn/list-42.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0036",
"CSAFPID-0037",
"CSAFPID-0038",
"CSAFPID-0039"
]
}
]
},
{
"cve": "CVE-2024-8957",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"notes": [
{
"category": "summary",
"text": "PTZOptics PT30X-SDI/NDI-xx before firmware 6.3.40 is vulnerable to an OS command injection issue. The camera does not sufficiently validate the ntp_addr configuration value which may lead to arbitrary command execution when ntp_client is started. When chained with CVE-2024-8956, a remote and unauthenticated attacker can execute arbitrary OS commands on affected devices.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0036",
"CSAFPID-0037",
"CSAFPID-0038",
"CSAFPID-0039"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8957"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "PTZOptics has provided a fix to the affected versions for the listed CVEs. The fix for each product can be obtained on the PTZOptics Known Vulnerabilities and Fixes site.",
"product_ids": [
"CSAFPID-0036",
"CSAFPID-0037",
"CSAFPID-0038",
"CSAFPID-0039"
],
"url": "https://ptzoptics.com/known-vulnerabilities-and-fixes/"
},
{
"category": "mitigation",
"details": "ValueHD, multiCAM Systems, and SMTAV did not respond to requests for coordination. Please contact the respective companies through the following means for more information:",
"product_ids": [
"CSAFPID-0036",
"CSAFPID-0037",
"CSAFPID-0038",
"CSAFPID-0039"
]
},
{
"category": "mitigation",
"details": "SMTAV Contact Us page.",
"product_ids": [
"CSAFPID-0036",
"CSAFPID-0037",
"CSAFPID-0038",
"CSAFPID-0039"
],
"url": "https://www.smtav.com/pages/about"
},
{
"category": "mitigation",
"details": "multiCAM Systems Contact Us page.",
"product_ids": [
"CSAFPID-0036",
"CSAFPID-0037",
"CSAFPID-0038",
"CSAFPID-0039"
],
"url": "https://www.multicam-systems.com/contact/"
},
{
"category": "mitigation",
"details": "ValueHD Contact Us page.",
"product_ids": [
"CSAFPID-0036",
"CSAFPID-0037",
"CSAFPID-0038",
"CSAFPID-0039"
],
"url": "https://global.vhd.com.cn/list-42.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0036",
"CSAFPID-0037",
"CSAFPID-0038",
"CSAFPID-0039"
]
}
]
},
{
"cve": "CVE-2025-35451",
"cwe": {
"id": "CWE-798",
"name": "Use of Hard-coded Credentials"
},
"notes": [
{
"category": "summary",
"text": "Certain PTZOptics and possibly other ValueHD-based cameras have SSH or telnet or both enabled by default. Operating system users with administrative privileges (including the root user) have default passwords that are trivial to crack. The passwords cannot be changed by the user, nor can the SSH or telnet service be disabled by the user.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0036",
"CSAFPID-0037",
"CSAFPID-0038",
"CSAFPID-0039"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-35451"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "PTZOptics has provided a fix to the affected versions for the listed CVEs. The fix for each product can be obtained on the PTZOptics Known Vulnerabilities and Fixes site.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0036",
"CSAFPID-0037",
"CSAFPID-0038",
"CSAFPID-0039"
],
"url": "https://ptzoptics.com/known-vulnerabilities-and-fixes/"
},
{
"category": "mitigation",
"details": "ValueHD, multiCAM Systems, and SMTAV did not respond to requests for coordination. Please contact the respective companies through the following means for more information:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0036",
"CSAFPID-0037",
"CSAFPID-0038",
"CSAFPID-0039"
]
},
{
"category": "mitigation",
"details": "SMTAV Contact Us page.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0036",
"CSAFPID-0037",
"CSAFPID-0038",
"CSAFPID-0039"
],
"url": "https://www.smtav.com/pages/about"
},
{
"category": "mitigation",
"details": "multiCAM Systems Contact Us page.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0036",
"CSAFPID-0037",
"CSAFPID-0038",
"CSAFPID-0039"
],
"url": "https://www.multicam-systems.com/contact/"
},
{
"category": "mitigation",
"details": "ValueHD Contact Us page.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0036",
"CSAFPID-0037",
"CSAFPID-0038",
"CSAFPID-0039"
],
"url": "https://global.vhd.com.cn/list-42.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0036",
"CSAFPID-0037",
"CSAFPID-0038",
"CSAFPID-0039"
]
}
]
},
{
"cve": "CVE-2025-35452",
"cwe": {
"id": "CWE-798",
"name": "Use of Hard-coded Credentials"
},
"notes": [
{
"category": "summary",
"text": "PTZOptics and possibly other ValueHD-based cameras use a default, shared password for the administrative web interface. The table below shows the affected firmware. This has been patched on production firmware for the current generation of devices.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026",
"CSAFPID-0027",
"CSAFPID-0028",
"CSAFPID-0029",
"CSAFPID-0030",
"CSAFPID-0031",
"CSAFPID-0032",
"CSAFPID-0033",
"CSAFPID-0034",
"CSAFPID-0035",
"CSAFPID-0036",
"CSAFPID-0037",
"CSAFPID-0038",
"CSAFPID-0039"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-35452"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "PTZOptics has provided a fix to the affected versions for the listed CVEs. The fix for each product can be obtained on the PTZOptics Known Vulnerabilities and Fixes site.",
"product_ids": [
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026",
"CSAFPID-0027",
"CSAFPID-0028",
"CSAFPID-0029",
"CSAFPID-0030",
"CSAFPID-0031",
"CSAFPID-0032",
"CSAFPID-0033",
"CSAFPID-0034",
"CSAFPID-0035",
"CSAFPID-0036",
"CSAFPID-0037",
"CSAFPID-0038",
"CSAFPID-0039"
],
"url": "https://ptzoptics.com/known-vulnerabilities-and-fixes/"
},
{
"category": "mitigation",
"details": "ValueHD, multiCAM Systems, and SMTAV did not respond to requests for coordination. Please contact the respective companies through the following means for more information:",
"product_ids": [
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026",
"CSAFPID-0027",
"CSAFPID-0028",
"CSAFPID-0029",
"CSAFPID-0030",
"CSAFPID-0031",
"CSAFPID-0032",
"CSAFPID-0033",
"CSAFPID-0034",
"CSAFPID-0035",
"CSAFPID-0036",
"CSAFPID-0037",
"CSAFPID-0038",
"CSAFPID-0039"
]
},
{
"category": "mitigation",
"details": "SMTAV Contact Us page.",
"product_ids": [
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026",
"CSAFPID-0027",
"CSAFPID-0028",
"CSAFPID-0029",
"CSAFPID-0030",
"CSAFPID-0031",
"CSAFPID-0032",
"CSAFPID-0033",
"CSAFPID-0034",
"CSAFPID-0035",
"CSAFPID-0036",
"CSAFPID-0037",
"CSAFPID-0038",
"CSAFPID-0039"
],
"url": "https://www.smtav.com/pages/about"
},
{
"category": "mitigation",
"details": "multiCAM Systems Contact Us page.",
"product_ids": [
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026",
"CSAFPID-0027",
"CSAFPID-0028",
"CSAFPID-0029",
"CSAFPID-0030",
"CSAFPID-0031",
"CSAFPID-0032",
"CSAFPID-0033",
"CSAFPID-0034",
"CSAFPID-0035",
"CSAFPID-0036",
"CSAFPID-0037",
"CSAFPID-0038",
"CSAFPID-0039"
],
"url": "https://www.multicam-systems.com/contact/"
},
{
"category": "mitigation",
"details": "ValueHD Contact Us page.",
"product_ids": [
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026",
"CSAFPID-0027",
"CSAFPID-0028",
"CSAFPID-0029",
"CSAFPID-0030",
"CSAFPID-0031",
"CSAFPID-0032",
"CSAFPID-0033",
"CSAFPID-0034",
"CSAFPID-0035",
"CSAFPID-0036",
"CSAFPID-0037",
"CSAFPID-0038",
"CSAFPID-0039"
],
"url": "https://global.vhd.com.cn/list-42.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026",
"CSAFPID-0027",
"CSAFPID-0028",
"CSAFPID-0029",
"CSAFPID-0030",
"CSAFPID-0031",
"CSAFPID-0032",
"CSAFPID-0033",
"CSAFPID-0034",
"CSAFPID-0035",
"CSAFPID-0036",
"CSAFPID-0037",
"CSAFPID-0038",
"CSAFPID-0039"
]
}
]
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…