Hackers Target Critical Zero-Day Vulnerabilities in PTZ Cameras

In a concerning trend, hackers are actively exploiting two zero-day vulnerabilities in PTZOptics pan-tilt-zoom (PTZ) live streaming cameras, commonly used across industrial, healthcare, business conferences, government, and courtroom settings. 💼🏥🏛️

Vulnerabilities CVE-2024–8956 and CVE-2024–8957 allow unauthorized access and command injection via the camera’s CGI-based API.

CVE-2024–8956: Weak authentication in the camera’s lighthttpd web server exposes sensitive information, including usernames and MD5 password hashes. 🔑CVE-2024–8957: Insufficient input sanitization allows attackers to execute remote commands, risking complete camera takeover and disruption of video feeds. 📡

Exploitation of these flaws can lead to:

Complete control over the camera 🎥Bot infections 💻Pivoting attacks on other devices in the network 🌐Disruption of critical video feeds 📉

GreyNoise has collaborated with VulnCheck for responsible disclosure. While PTZOptics released a security update, some older models have not received the necessary firmware updates, leaving them vulnerable. 🛠️

Users are urged to check with their device vendors for the latest firmware updates to mitigate risks associated with these vulnerabilities. Protect your networks and devices to prevent potential cyber-attacks. 🛡️

Stay informed about the latest cybersecurity threats and ensure your devices are secure! At Wire Tor, we specialize in cybersecurity solutions that keep your systems safe from vulnerabilities. 💪🔒