CVE-2024-8956 - PTZOptics PT30X-SDI/NDI Unauthenticated Authentication Bypass

2 months ago 27
ARTICLE AD BOX
CVE ID : CVE-2024-8956
Published : Sept. 17, 2024, 8:15 p.m. | 24 minutes ago
Description : PTZOptics PT30X-SDI/NDI-xx before firmware 6.3.40 is vulnerable to an insufficient authentication issue. The camera does not properly enforce authentication to /cgi-bin/param.cgi when requests are sent without an HTTP Authorization header. The result is a remote and unauthenticated attacker can leak sensitive data such as usernames, password hashes, and configurations details. Additionally, the attacker can update individual configuration values or overwrite the whole file.
Severity: 9.1 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Read Entire Article