389/67 Monday, November 4, 2024
Researchers from GreyNoise have revealed that a group of threat actors has attempted to exploit two Zero-Day vulnerabilities in PTZOptics pan-tilt-zoom (PTZ) cameras, commonly used for live streaming. The vulnerabilities, identified as CVE-2024-8956 and CVE-2024-8957, have already been exploited in industrial and healthcare sectors. These vulnerabilities were discovered using GreyNoise’s Sift tool, which leverages AI for threat detection and analysis, in collaboration with the VulnCheck team. Details of the vulnerabilities are as follows:
- CVE-2024-8956 (CVSS score 9.1) is a vulnerability caused by insufficient authentication configuration, allowing attackers to access sensitive information such as usernames, MD5-encrypted passwords, and other configuration data.
- CVE-2024-8957 (CVSS score 7.2) is a vulnerability that allows OS Command Injection. When combined with CVE-2024-8956, it enables attackers to execute arbitrary OS commands, potentially modifying or disabling camera functionality, affecting critical communications such as business meetings or telemedicine.
Users of PTZOptics cameras running firmware VHD PTZ versions below 6.3.40, manufactured by PTZOptics, Multicam Systems SAS, and SMTAV Corporation on the Hisilicon Hi3516A chip, are advised to update promptly to mitigate these vulnerabilities. PTZOptics is the only manufacturer that has responded and released firmware updates addressing these issues.
Source https://securityaffairs.com/170456/hacking/ptzoptics-cameras-flaws-exploited.html