CVE-2024-8957

PTZOptics NDI and SDI Cameras Command Injection via NTP Address Configuration

Basic Information

CVE State
PUBLISHED
Reserved Date
September 17, 2024
Published Date
September 17, 2024
Last Updated
November 04, 2024
Vendor
PTZOptics
Product
PT30X-SDI, PT30X-NDI
Description
PTZOptics PT30X-SDI/NDI-xx before firmware 6.3.40 is vulnerable to an OS command injection issue. The camera does not sufficiently validate the ntp_addr configuration value which may lead to arbitrary command execution when ntp_client is started. When chained with CVE-2024-8956, a remote and unauthenticated attacker can execute arbitrary OS commands on affected devices.
Tags
cisa

CVSS Scores

CVSS v3.1

7.2 - HIGH

Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

SSVC Information

Exploitation
active
Technical Impact
total

Exploit Status

Exploited in the Wild
Yes (2024-11-04 00:00:00 UTC)

Known Exploited Vulnerability Information

Source Added Date
CISA 2024-11-04 00:00:00 UTC

Recent Mentions

PTZOptics and Other Pan-Tilt-Zoom Cameras

Source: All CISA Advisories • Published: 2025-06-12 12:00:00 UTC

1. EXECUTIVE SUMMARY

CVSS v4 9.3
ATTENTION: Exploitable remotely/low attack complexity
Vendor: ValueHD, PTZOptics, multiCAM Systems, SMTAV
Equipment: Various pan-tilt-zoom cameras
Vulnerabilities: Improper Authentication, Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'), Use of Hard-coded Credentials

2. RISK EVALUATION

Successful exploitation of these vulnerabilities could allow an attacker to leak sensitive data, execute arbitrary commands, and access the admin web interface using hard-coded credentials.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

The following ValueHD, PTZOptics, multiCAM Systems, and SMTAV products are affected:

  • PTZOptics PT12X-SDI-xx-G2: Versions 6.3.34 and prior (CVE-2025-35451)
  • PTZOptics PT12X-NDI-xx: Versions 6.3.34 and prior (CVE-2025-35451)
  • PTZOptics PT12X-USB-xx-G2: Versions 6.2.81 and prior (CVE-2025-35451)
  • PTZOptics PT20X-SDI-xx-G2: Versions 6.3.20 and prior (CVE-2025-35451)
  • PTZOptics PT20X-NDI-xx: Versions 6.3.20 and prior (CVE-2025-35451)
  • PTZOptics PT20X-USB-xx-G2: Versions 6.2.73 and prior (CVE-2025-35451)
  • PTZOptics PT30X-SDI-xx-G2: Versions 6.3.30 and prior (CVE-2025-35451)
  • PTZOptics PT30X-NDI-xx: Versions 6.3.30 and prior (CVE-2025-35451)
  • PTZOptics PT12X-ZCAM: Versions 7.2.76 and prior (CVE-2025-35451)
  • PTZOptics PT20X-ZCAM: Versions 7.2.82 and prior (CVE-2025-35451)
  • PTZOptics PTVL-ZCAM: Versions 7.2.79 and prior (CVE-2025-35451)
  • PTZOptics PTEPTZ-ZCAM-G2: Versions 8.1.81 and prior (CVE-2025-35451)
  • PTZOptics PTEPTZ-NDI-ZCAM-G2: Versions 8.1.81 and prior (CVE-2025-35451)
  • PTZOptics PT12X-SDI-xx-G2: All versions (CVE-2025-35452)
  • PTZOptics PT12X-NDI-xx: All versions (CVE-2025-35452)
  • PTZOptics PT12X-USB-xx-G2: All versions (CVE-2025-35452)
  • PTZOptics PT20X-SDI-xx-G2: All versions (CVE-2025-35452)
  • PTZOptics PT20X-NDI-xx: All versions (CVE-2025-35452)
  • PTZOptics PT20X-USB-xx-G2: All versions (CVE-2025-35452)
  • PTZOptics PT30X-SDI-xx-G2: All versions (CVE-2025-35452)
  • PTZOptics PT30X-NDI-xx:...

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Added to KEVIntel