PTZOptics live-streaming cameras were identified as vulnerable to zero-day exploits. In April this year, an AI-powered threat detection tool, Sift, flagged unusual network activity, later confirmed to be an exploitation attempt targeting these vulnerabilities.
The security flaws allowed unauthorized people to access camera settings, revealing sensitive information like usernames and passwords. Additionally, attackers could trick the camera into running harmful commands by sending specially crafted inputs, exploiting a weak security check in the camera’s software. This enabled hackers to take control of the camera remotely.
Exploitation of the two zero-day vulnerabilities in PTZOptics cameras could allow attackers to fully hijack cameras, deploy bot infections, access other network devices, or disrupt video feeds. These vulnerabilities likely affect a wide range of camera models, including Multicam Systems, SAS cameras, and SMTAV Corporation devices.
Users are advised to contact their device vendor to verify if security patches for CVE-2024-8956 and CVE-2024-8957 have been included in the latest firmware updates for their PTZOptics cameras.
If you are worried about potential vulnerabilities in your systems, Otonata can assess your security posture, identify weaknesses, and implement tailored solutions to enhance your protection against cyber threats.
References:
CVE-2024-8956
CVE-2024-8957