Unrated severityCISA KEVNVD Advisory· Published Sep 17, 2024· Updated Dec 27, 2025

PTZOptics NDI and SDI Cameras Command Injection via NTP Address Configuration

CVE-2024-8957

Description

PTZOptics PT30X-SDI/NDI-xx before firmware 6.3.40 is vulnerable to an OS command injection issue. The camera does not sufficiently validate the ntp_addr configuration value which may lead to arbitrary command execution when ntp_client is started. When chained with CVE-2024-8956, a remote and unauthenticated attacker can execute arbitrary OS commands on affected devices.

Affected products

Ptzoptics/Pt30x Ndiv5
Range: 0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

ptzoptics.com/firmware-changelog/mitrevendor-advisory
vulncheck.com/advisories/ptzoptics-command-injectionmitrethird-party-advisory

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.044
exploit	0.000
kev	0.120
patch	0.000
ransomware	0.000