Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
PTZOptics NDI and SDI Cameras Command Injection via NTP Address Configuration
Vulnerability Description
PTZOptics PT30X-SDI/NDI-xx before firmware 6.3.40 is vulnerable to an OS command injection issue. The camera does not sufficiently validate the ntp_addr configuration value which may lead to arbitrary command execution when ntp_client is started. When chained with CVE-2024-8956, a remote and unauthenticated attacker can execute arbitrary OS commands on affected devices.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
Vulnerability Title
PTZOptics PT30X-SDI/NDI-xx 安全漏洞
Vulnerability Description
PTZOptics PT30X-SDI/NDI-xx是PTZOptics公司的一系列高清摄像机。 PTZOptics PT30X-SDI/NDI-xx 6.3.40之前版本存在安全漏洞,该漏洞源于未充分验证 ntp_addr 配置值。攻击者利用该漏洞可以在启动 ntp_client 时执行任意命令。
CVSS Information
N/A
Vulnerability Type
N/A