PTZ Cameras Vulnerable to Cyber-Espionage Access

GreyNoise Labs has recently uncovered two new vulnerabilities, CVE-2024-8956 and CVE-2024-8957, in the software of PTZ cameras made by ValueHD. Together they can expose the devices to remote command execution. The vulnerabilities were found with SIFT, GreyNoise's AI-assisted tool for analysing internet traffic and surfacing potential security threats.

The first vulnerability, CVE-2024-8956 (CVSS score 9.1), is an authentication weakness in the embedded lighttpd web server used on devices built around the Hi3516A processor. The flawed authentication mechanism can let unauthorized users read sensitive data such as network configuration and account information. The root cause is incorrect request handling: a CGI API request that lacks an Authorization header is not rejected with a 401 response, so the devices are left exposed.

The second vulnerability, CVE-2024-8957 (CVSS score 9.8), allows command execution through specially crafted requests. The camera software runs the external NTP_Client command through a vulnerable function, which gives attackers a route to arbitrary code execution.
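The two defect classes described above, a privileged CGI handler that never checks for credentials and an external command built from a request parameter, are easy to see side by side in a small model. The following is an added illustration, not code from ValueHD, lighttpd or GreyNoise: the handler names, the `ntp_client` program, the `ntp_server` parameter and the CGI path are all hypothetical, and the handlers return the command line they would run instead of executing anything.

```python
"""Added illustration of the two defects next to their hardened forms.
Not vendor code: handle_cgi_*, ntp_client and the ntp_server parameter
are hypothetical names chosen for this example."""
import re
import shlex
from dataclasses import dataclass, field


@dataclass
class Request:
    path: str
    params: dict
    headers: dict = field(default_factory=dict)


@dataclass
class Response:
    status: int
    body: str = ""


# Allowlist for an NTP server value: a hostname or dotted IPv4 literal.
# Anything else (spaces, quotes, ';', '|', '$', backticks, ...) is rejected,
# so the value can never change the meaning of the command it ends up in.
NTP_SERVER_RE = re.compile(
    r"^(?=.{1,253}$)[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
    r"(\.[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*$"
)


def ntp_command_vulnerable(server: str) -> str:
    """Defect 2 (command execution): the raw parameter is pasted into a
    shell command line.  Returned as a string to show exactly what a
    system()-style call would hand to /bin/sh."""
    return f"ntp_client -s {server}"


def ntp_command_hardened(server: str) -> list[str]:
    """Fix: validate against the allowlist, then build an argv list that is
    passed to the OS without a shell, so metacharacters carry no meaning."""
    if not NTP_SERVER_RE.fullmatch(server):
        raise ValueError("invalid NTP server value")
    return ["ntp_client", "-s", server]


def handle_cgi_vulnerable(req: Request) -> Response:
    """Defect 1 (missing authentication): the Authorization header is never
    consulted, so an anonymous request reaches the privileged handler and
    gets a 200 instead of a 401."""
    server = req.params.get("ntp_server", "")
    return Response(200, ntp_command_vulnerable(server))


def handle_cgi_hardened(req: Request) -> Response:
    """Fix: reject any CGI request without credentials with 401 before any
    parameter is examined, and answer bad parameter values with 400.
    A real server also verifies the credential; presence stands in for
    that here to keep the example short."""
    if "Authorization" not in req.headers:
        return Response(401, "authentication required")
    try:
        argv = ntp_command_hardened(req.params.get("ntp_server", ""))
    except ValueError as exc:
        return Response(400, str(exc))
    return Response(200, shlex.join(argv))


if __name__ == "__main__":
    # Constructed requests: anonymous, then authenticated with a bad value.
    anon = Request("/cgi-bin/example.cgi", {"ntp_server": "ntp.example.com;echo pwned"})
    print(handle_cgi_vulnerable(anon))   # 200 and the tainted command line
    print(handle_cgi_hardened(anon))     # 401 before the value is even read
    authed = Request(anon.path, anon.params, {"Authorization": "Basic placeholder"})
    print(handle_cgi_hardened(authed))   # 400: value fails the allowlist
```

The order of the checks in the hardened handler matters: authentication comes first so that an unauthenticated client cannot even probe the parameter validation, and the validation is an allowlist rather than a blocklist of known-bad characters.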

ValueHD, the manufacturer, has confirmed that devices running firmware versions below 6.3.40 are affected. The affected devices include those built on the Hi3516A platform and sold under brands such as PTZOptics, Multicam Systems, and SMTAV.

Exploitation of these vulnerabilities was observed on April 23, 2024, originating from IP address 45.128.232.229. The attacker made repeated attempts to execute commands, including using wget to download and install malicious software on the targeted device.

These incidents underscore that even seemingly minor authentication and configuration flaws can have severe consequences. In an increasingly connected world where every device is a potential target, vulnerabilities must be identified and fixed promptly; security has to remain a top priority.
