Skip to main content
Live Webinar with SANS (June 25)— Agentic CTI Automation for Fun & ProfitRegister Free
Mallory
Back to vulnerabilities
CriticalCISA KEVExploited in the wildPublic exploit

PTZOptics PT30X-SDI/NDI Cameras Authentication Bypass

IdentifiersCVE-2024-8956CWE-306· Missing Authentication for…

CVE-2024-8956 is an insufficient authentication vulnerability affecting PTZOptics PT30X-SDI/NDI-xx cameras before firmware 6.3.40. The flaw is in authentication enforcement for the /cgi-bin/param.cgi endpoint: when requests are sent without an HTTP Authorization header, the device does not properly require authentication. A remote unauthenticated attacker can therefore access functionality that should be restricted, resulting in disclosure of sensitive information including usernames, password hashes, and configuration details. The same flaw also permits unauthorized modification of individual configuration values or overwriting of the entire configuration file.

Share:
For your environment

Are you exposed to this one?

Mallory correlates every CVE against your assets, your vendors, and active adversary campaigns. Know which vulnerabilities matter for you, not just which ones are loud.

Start free trial
ANALYST BRIEF

Impact, mitigation & remediation

What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.

Impact

What an attacker gets, and what they’ve been doing with it.

Successful exploitation allows remote unauthenticated compromise of confidentiality and integrity on the affected camera. An attacker can extract usernames, password hashes, and configuration data, which may facilitate follow-on attacks, credential cracking, or broader compromise of the camera environment. The attacker can also alter configuration parameters or replace the full configuration file, enabling unauthorized reconfiguration, operational disruption, weakening of security settings, and potential chaining with other flaws in the ValueHD/PTZOptics ecosystem for deeper device compromise.

Mitigation

If you can’t patch tonight, do this now.

If immediate patching is not possible, restrict network access to the camera management interface and specifically to the vulnerable web/CGI endpoints using segmentation, firewall ACLs, VPN-only administration, and source IP allowlisting. Remove internet exposure, place devices on dedicated management or OT segments, and monitor for requests to /cgi-bin/param.cgi that omit Authorization headers. Review configurations and credentials for signs of tampering, rotate affected passwords where hashes or configuration data may have been exposed, and disable or limit unnecessary remote administration paths until firmware updates can be applied.

Remediation

Patch, then assume compromise.

Upgrade affected PTZOptics PT30X-SDI/NDI-xx cameras to firmware version 6.3.40 or later. Because the issue is caused by improper authentication enforcement in the CGI endpoint, remediation requires vendor-provided firmware that correctly enforces authentication on /cgi-bin/param.cgi. Validate after upgrade that unauthenticated requests lacking an HTTP Authorization header are rejected and review device configuration for unauthorized changes made prior to patching.
PUBLIC EXPLOITS

Exploits

No public exploits tracked yet. Mallory keeps watching.

VALID 0 / 0 TOTALView more in app

No public exploit code observed for this vulnerability.

EXPOSURE SURFACE

Affected products & vendors

Products and vendors Mallory has correlated with this vulnerability. Open in Mallory to drill down to specific CPE configurations and version ranges.

VendorProductType
PtzopticsPt30x-Ndi-Xx-G2hardware
PtzopticsPt30x-Ndi-Xx-G2 Firmwareoperating_system
PtzopticsPt30x-Sdihardware
PtzopticsPt30x-Sdi Firmwareoperating_system

Vendor-confirmed product mapping. Mallory continuously reconciles this list against your asset inventory.

ACTIVITY FEED

Recent activity

6 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.

6 SOURCESView more in app
socradar blogNews
Dec 1, 2025
CISA Industrial Control Systems (ICS) Advisories Recap for 2025

An authentication bypass in PTZOptics and other ValueHD-based NDI cameras, allowing remote access and configuration manipulation, actively exploited in the wild.

Read more
zeropath blogNews
Sep 5, 2025
PTZOptics and ValueHD Camera Hard-Coded Credential Vulnerability (CVE-2025-35451): Brief Summary and Technical Review - ZeroPath Blog | ZeroPath

A previously addressed PTZOptics camera firmware vulnerability related to improper authentication or OS command injection, mentioned as part of vendor security history.

Read more
zeropath blogNews
Sep 5, 2025
PTZOptics, ValueHD PTZ Cameras: CVE-2025-35452 Hard-Coded Credentials Vulnerability - Brief Summary and Technical Review - ZeroPath Blog | ZeroPath

An improper authentication vulnerability in PTZOptics and ValueHD-based cameras mentioned as a related issue that can be chained with CVE-2025-35452 for deeper compromise.

Read more
the hacker newsNews
Jan 8, 2025
Mirai Botnet Variant Exploits Four-Faith Router Vulnerability for DDoS Attacks

A security vulnerability exploited by Mirai botnet variants to compromise devices and expand botnet reach.

Read more
+1 more in the timeline
What this page doesn’t show

The version that knows your environment.

This page is what’s public. Mallory adds the parts that aren’t: which of your assets are affected, which adversaries are exploiting it right now, which detections to deploy, and what to do tonight.
Start free trial
Exposure mapping

Query your assets running an affected version, and investigate the blast radius.

Threat actor evidence

Every observed campaign linking this CVE to a named adversary.

Associated malware2

Malware families riding this exploit, with evidence and IOCs.

Detection signatures1

YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.

Vendor-by-vendor mapping

Cross-references every affected SKU, including bundled OEM variants.

Social activity

Community discussion across Reddit, Mastodon, and other social sources.

EXTERNAL REFERENCES
MITRE CVE
cve.org · CVE-2024-8956
NVD
nvd.nist.gov/vuln/detail/CVE-2024-8956
MITRE CWE · CWE-306
Missing Authentication for Critical Function
Third Party Advisory
vulncheck.com/advisories/ptzoptics-insufficient-auth
Third Party Advisory
greynoise.io/blog/greynoise-intelligence-discovers-zero-day-vulnerabilities-in-live-streaming-cameras-with-the-help-of-ai
Third Party Advisory
labs.greynoise.io/grimoire/2024-10-31-sift-0-day-rce
Release Notes
ptzoptics.com/firmware-changelog
US Government Resource
cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-8956