Security researchers identified suspicious activity targeting ValueHD PTZ cameras on April 23, 2024. The detected exploitation attempts originated from the IP address 45.128.232.229 and included attempts to download and execute shell scripts on vulnerable devices. Due to the widespread use of these cameras in enterprise-level video production and broadcasting environments, the potential risks arising from unauthorized access and remote command execution are significant.
| Product | ValueHD PTZ Camera |
| Date | 2024-11-04 10:11:11 |
| Information |
|
Technical Summary
The suspected vulnerabilities could allow unauthenticated access to configuration data and remote command execution. The first vulnerability (CVE-2024-8956) could allow attackers to bypass authentication on the param.cgi endpoint, potentially exposing system configuration details, including password hashes. The second vulnerability (CVE-2024-8957) appears to allow command injection through the NTP server configuration, enabling the execution of arbitrary remote commands. Affected devices include ValueHD PTZ cameras with firmware versions lower than 6.3.40, used in PTZOptics, Multicam Systems SAS, and SMTAV Corporation products based on the Hisilicon Hi3516A V600 (V60, V61, V63) SoC.
Recommendations
- Update firmware to version 6.3.40 or higher.
- Place cameras behind a firewall or VPN to restrict unauthorized access.
- Segment the network to isolate PTZ cameras from other critical infrastructure.
- Continuously monitor access attempts to the
param.cgiendpoint for anomalous activity.
[Callforaction-THREAT-Footer]
