FortiNDRCloud
SaaS based NDR solution providing 365 days data retention, along with Technical Success Manager
kcheung
Staff
Article Id 387199
Description

PTZOptics is a manufacturer of PTZ (pan-tilt-zoom) cameras for video broadcasting. These cameras are widely used in industrial, healthcare, business, and government sectors worldwide.

FortiGuard Labs has seen an increase in attack attempts against PTZOptics NDI and SDI cameras. The vulnerabilities used in these attacks could lead to unauthorized access to networks.

The following vulnerabilities were observed:

CVE-2024-8956 is an authentication bypass vulnerability in PTZOptics PT30X-SDI/NDI-xx which allows an unauthenticated attacker to harvest sensitive data.

CVE-2024-8957 is an OS command injection vulnerability in PTZOptics PT30X-SDI/NDI-xx which allows an unauthenticated attacker to execute arbitrary commands.

Firmware versions prior to 6.3.40 are vulnerable to both CVE-2024-8956 and CVE-2024-8957.

CVE ID    

CVE-2024-8956 (https://nvd.nist.gov/vuln/detail/CVE-2024-8956)

CVE-2024-8957 (https://nvd.nist.gov/vuln/detail/CVE-2024-8957)

NDR Cloud Detection Rule

FortiNDR Cloud v25.1.e+

| Detection Rule Name | Category | Primary MITRE ID |
|---|---|---|
| FortiGuard Outbreak Alert: PTZOptics Auth Bypass - CVE-2024-8956 | Attack: Exploitation | T1190 - Exploit Public-Facing Application |
| FortiGuard Outbreak Alert: PTZOptics Remote Code Execution Attempt - CVE-2024-8957 | Attack: Exploitation | T1190 - Exploit Public-Facing Application |

Playbook: N/A

Threat Hunting

FortiNDR Cloud users can use the following IOCs from Fortinet to hunt for 'PTZOptics NDI and SDI Cameras Attack' related activities.
IOC source: PTZOptics cameras attack - Indicators of Compromise - FortiGuard Labs.

All IOCs listed above have been added to Threat Intelligence Intel.

Suricata Coverage

Customers can create custom investigations/detections using the Suricata signatures below:

2057216 -> ET EXPLOIT PTZOptics PT30X Authentication Bypass Attempt Inbound (CVE-2024-8956)

2057227 -> ET EXPLOIT PTZOptics PT30X Successful Authentication Bypass (CVE-2024-8956)
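
As an added example (not part of the original article or any Fortinet tooling), the Python sketch below triages Suricata EVE JSON alerts for the two signature IDs above and ranks each camera using the 6.3.40 firmware threshold stated in the Description. The inventory, IP addresses and log lines are constructed samples, and the function names are hypothetical.

```python
import json

SID_ATTEMPT = 2057216  # ET EXPLOIT PTZOptics PT30X Authentication Bypass Attempt Inbound
SID_SUCCESS = 2057227  # ET EXPLOIT PTZOptics PT30X Successful Authentication Bypass
FIXED = (6, 3, 40)     # firmware before this is vulnerable, per the article

# Constructed inventory and EVE lines (documentation address ranges), not real telemetry.
INVENTORY = {"192.0.2.10": "6.3.34", "192.0.2.11": "6.3.40", "192.0.2.12": "6.2.81"}
SAMPLE_EVE = [
    '{"event_type":"alert","src_ip":"203.0.113.5","dest_ip":"192.0.2.10","alert":{"signature_id":2057216}}',
    '{"event_type":"alert","src_ip":"192.0.2.10","dest_ip":"203.0.113.5","alert":{"signature_id":2057227}}',
    '{"event_type":"alert","src_ip":"203.0.113.5","dest_ip":"192.0.2.11","alert":{"signature_id":2057216}}',
    '{"event_type":"alert","src_ip":"203.0.113.9","dest_ip":"192.0.2.12","alert":{"signature_id":2057216}}',
    '{"event_type":"flow","src_ip":"203.0.113.9","dest_ip":"192.0.2.12"}',
    'truncated {"event_type":',
]

def is_vulnerable(version):
    """True if a dotted firmware string is older than 6.3.40 (numeric, not string, compare)."""
    return tuple(int(p) for p in version.split(".")) < FIXED

def triage(eve_lines, inventory):
    """Return {camera_ip: priority} from the two PTZOptics SIDs in EVE JSON lines."""
    sids_by_camera = {}
    for line in eve_lines:
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip partial writes and rotated-log fragments
        if not isinstance(ev, dict) or ev.get("event_type") != "alert":
            continue
        sid = ev.get("alert", {}).get("signature_id")
        if sid not in (SID_ATTEMPT, SID_SUCCESS):
            continue
        # Assumption: the success SID may fire on the response, so check both endpoints.
        for ip in (ev.get("src_ip"), ev.get("dest_ip")):
            if ip in inventory:
                sids_by_camera.setdefault(ip, set()).add(sid)
    result = {}
    for ip, sids in sids_by_camera.items():
        if SID_SUCCESS in sids:
            result[ip] = "investigate: bypass succeeded"
        elif is_vulnerable(inventory[ip]):
            result[ip] = "patch: attempted, firmware vulnerable"
        else:
            result[ip] = "monitor: attempted, firmware fixed"
    return result
```
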

Other Fortinet Products

For more details regarding mitigating the vulnerability by utilizing Fortinet products, refer to
PTZOptics NDI and SDI Cameras Attack | Outbreak Alert | FortiGuard Labs.
