PTZOptics PT30X-SDI/NDI-xx before firmware 6.3.40 is vulnerable to an OS command injection issue. The camera does not sufficiently validate the ntp_addr configuration value which may lead to arbitrary command execution when ntp_client is started. When chained with CVE-2024-8956, a remote and unauthenticated attacker can execute arbitrary OS commands on affected devices.
Published: 2024-09-17
CVSS: 7.2
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Download Exploit for CVE-2024-8957 here:
Use Tor Browser to access .onion links.
Check our team here:
https://wednesfieldacademy.com/exploit-284-cve-2025-0611/
https://wednesfieldacademy.com/exploit-691-cve-2024-4323/
