{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-18T04:56:47.929","vulnerabilities":[{"cve":{"id":"CVE-2024-8956","sourceIdentifier":"disclosure@vulncheck.com","published":"2024-09-17T20:15:07.287","lastModified":"2025-10-27T16:59:50.473","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"PTZOptics PT30X-SDI/NDI-xx before firmware 6.3.40 is vulnerable to an insufficient authentication issue. The camera does not properly enforce authentication to /cgi-bin/param.cgi when requests are sent without an HTTP Authorization header. The result is a remote and unauthenticated attacker can leak sensitive data such as usernames, password hashes, and configurations details. Additionally, the attacker can update individual configuration values or overwrite the whole file."},{"lang":"es","value":"Las cámaras PTZOptics PT30X-SDI/NDI-xx anteriores al firmware 6.3.40 son vulnerables a un problema de autenticación insuficiente. La cámara no aplica correctamente la autenticación en /cgi-bin/param.cgi cuando se envían solicitudes sin un encabezado de autorización HTTP. El resultado es que un atacante remoto y no autenticado puede filtrar datos confidenciales, como nombres de usuario, hashes de contraseñas y detalles de configuración. Además, el atacante puede actualizar valores de configuración individuales o sobrescribir todo el archivo."}],"metrics":{"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":5.2},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":5.2}]},"cisaExploitAdd":"2024-11-04","cisaActionDue":"2024-11-25","cisaRequiredAction":"Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.","cisaVulnerabilityName":"PTZOptics PT30X-SDI/NDI Cameras Authentication Bypass Vulnerability","weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-306"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-287"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ptzoptics:pt30x-sdi_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"6.3.40","matchCriteriaId":"604C6EEF-4273-4366-AFF2-86C3183F545D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ptzoptics:pt30x-sdi:-:*:*:*:*:*:*:*","matchCriteriaId":"7462D89D-2105-417F-AB0E-D23C288156C8"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ptzoptics:pt30x-ndi-xx-g2_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"6.3.40","matchCriteriaId":"B410E242-DFEE-449D-9687-6F4D0BEB8F63"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ptzoptics:pt30x-ndi-xx-g2:-:*:*:*:*:*:*:*","matchCriteriaId":"C8F75E95-D59D-45D4-B798-D0493642F53E"}]}]}],"references":[{"url":"https://ptzoptics.com/firmware-changelog/","source":"disclosure@vulncheck.com","tags":["Release Notes"]},{"url":"https://vulncheck.com/advisories/ptzoptics-insufficient-auth","source":"disclosure@vulncheck.com","tags":["Third Party Advisory"]},{"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-8956","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["US Government Resource"]},{"url":"https://www.greynoise.io/blog/greynoise-intelligence-discovers-zero-day-vulnerabilities-in-live-streaming-cameras-with-the-help-of-ai","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Third Party Advisory"]},{"url":"https://www.labs.greynoise.io/grimoire/2024-10-31-sift-0-day-rce/","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Third Party Advisory"]}]}}]}