CVE-2024-8956 — PTZOptics PT30X-SDI/NDI Cameras Authentication Bypass Vulnerability

Description

PTZOptics PT30X-SDI/NDI cameras contain an insecure direct object reference (IDOR) vulnerability that allows a remote, attacker to bypass authentication for the /cgi-bin/param.cgi CGI script. If combined with CVE-2024-8957, this can lead to remote code execution as root.

How to fix CVE-2024-8956

No package mapping is available — consult the references below for vendor-specific guidance.

Is CVE-2024-8956 being exploited?

Yes — CVE-2024-8956 is on the CISA Known Exploited Vulnerabilities (KEV) catalog. Patch immediately.

Affected packages (0)

No package mapping in OSV.