URL: https://sechub.in/view/2963867
PTZOPTICS CAMERAS ZERO-DAYS ACTIVELY EXPLOITED IN THE WILD

Security Affairs 2024-11-02 15:16:42 breaking news · hacking · internet of
things

HACKERS ARE EXPLOITING TWO ZERO-DAY VULNERABILITIES, TRACKED AS CVE-2024-8956
AND CVE-2024-8957, IN PTZOPTICS CAMERAS.

Threat actors are attempting to exploit two zero-day vulnerabilities, tracked
as CVE-2024-8956 and CVE-2024-8957, in PTZOptics pan-tilt-zoom (PTZ) live
streaming cameras, GreyNoise researchers warn.

GreyNoise discovered the two flaws while investigating the use of an exploit
detected by its LLM-powered threat-hunting tool Sift.

The company discovered the zero-day vulnerabilities in IoT live-streaming
cameras, used in industrial operations, healthcare, and other sensitive
environments.

The attacker used automated, wide-scale reconnaissance to deploy the exploit.

GreyNoise worked with VulnCheck to disclose the two vulnerabilities
responsibly.   

“The vulnerabilities impact NDI-enabled pan-tilt-zoom (PTZ) cameras from
multiple manufacturers. Affected devices use VHD PTZ camera firmware < 6.3.40
used in PTZOptics, Multicam Systems SAS, and SMTAV Corporation devices based on
Hisilicon Hi3516A V600 SoC V60, V61, and V63.” reads the analysis published by
GreyNoise. “These cameras, which feature an embedded web server allowing for
direct access by web browser, are reportedly deployed in environments where
reliability and privacy are crucial”

CVE-2024-8956 (CVSS score of 9.1) is an inadequate authentication mechanism
that could allow an attacker to access sensitive information like usernames, MD5
password hashes, and configuration data.

CVE-2024-8957 (CVSS score of 7.2) is an OS command injection. An attacker
could chain it with CVE-2024-8956 to execute arbitrary OS commands on the
affected cameras, potentially seizing full control of the system.

An attacker could exploit the flaws to fully take over devices, view or alter
video feeds, and compromise sensitive sessions like business meetings or
telehealth. Compromised cameras could be added to botnets and used to
perform denial-of-service attacks. Attackers can also exploit the flaws to extract
network details and infiltrate connected systems, increasing the risk of data
breaches and ransomware attacks. Additionally, attackers could misconfigure or
disable cameras entirely, disrupting operations in industrial and other
sensitive settings.

GreyNoise also observed an instance of an attack using wget to download a shell
script for reverse shell access.

“Organizations using VHD PTZ camera firmware < 6.3.40 used in PTZOptics,
Multicam Systems SAS, and SMTAV Corporation devices based on Hisilicon Hi3516A
V600 SoC V60, V61, and V63 should take immediate action to patch the discovered
vulnerabilities and secure their systems.  VulnCheck alerted affected
manufacturers to the flaws, only receiving a response from PTZOptics. The
manufacturer released firmware updates addressing these flaws.” concludes the
report.

“Read the GreyNoise Labs blog for technical analysis and deeper insight into how
Sift helped discover these zero-day vulnerabilities.”

Pierluigi Paganini

(SecurityAffairs – hacking, PTZOptics cameras)

Original link:
https://securityaffairs.com/170456/hacking/ptzoptics-cameras-flaws-exploited.html