Critical Zero-Day Flaws in PTZ Cameras Exploited by Hackers

Hackers are exploiting two zero-day vulnerabilities, CVE-2024-8956 and CVE-2024-8957, in PTZOptics pan-tilt-zoom cameras used widely in industries like healthcare, government, and business. GreyNoise identified these flaws in April 2024, following unusual activity on its honeypot network. The vulnerabilities affect the camera’s CGI-based API and the embedded 'ntp_client,' enabling command injection and remote access. CVE-2024-8956 permits unauthorized access to the CGI API through weak authentication, exposing critical user information, while CVE-2024-8957 allows remote code execution by injecting commands via an improperly sanitized 'ntp.addr' field. Exploiting these vulnerabilities could lead to full camera control, bot infections, and network breaches. PTZOptics issued a firmware update on September 17, though some models, such as the PT20X-NDI-G2, remain unpatched due to end-of-life status. Additionally, newer models PT20X-SE-NDI-G3 and PT30X-SE-NDI-G3 were later found to be affected. GreyNoise believes the vulnerabilities might stem from a widely used SDK by manufacturer ValueHD, suggesting a broader impact across camera models. Users should verify with their device vendors for updated firmware that addresses these security issues. Read more...