Unrated severityCISA KEVNVD Advisory· Published Sep 17, 2024· Updated Dec 27, 2025
PTZOptics NDI and SDI Cameras Command Injection via NTP Address Configuration
CVE-2024-8957
Description
PTZOptics PT30X-SDI/NDI-xx before firmware 6.3.40 is vulnerable to an OS command injection issue. The camera does not sufficiently validate the ntp_addr configuration value which may lead to arbitrary command execution when ntp_client is started. When chained with CVE-2024-8956, a remote and unauthenticated attacker can execute arbitrary OS commands on affected devices.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
2- ptzoptics.com/firmware-changelog/mitrevendor-advisory
- vulncheck.com/advisories/ptzoptics-command-injectionmitrethird-party-advisory
News mentions
0No linked articles in our index yet.