PTZOptics · PTZOptics PT30X-SDI/NDI-xx · CVE-2024-8956
**Name of the Vulnerable Software and Affected Versions**
PTZOptics PT30X-SDI/NDI-xx versions prior to 6.3.40
**Description**
The issue is insufficient authentication enforcement in PTZOptics cameras. When a request to the /cgi-bin/param.cgi endpoint is sent without an HTTP Authorization header, the camera does not properly enforce authentication. This allows a remote, unauthenticated attacker to leak sensitive data, such as usernames, password hashes, and configuration details. Additionally, the attacker can update individual configuration values or overwrite the whole configuration file. The vulnerability is being actively exploited in the wild against PTZOptics cameras used in critical sectors, including healthcare, government, and industrial settings.
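The telltale sign of this weakness is an unauthenticated request to /cgi-bin/param.cgi that the camera answers with a success status; a camera that enforces authentication correctly rejects such a request instead. The following script is an added example (not code from PTZOptics or from this advisory) that scans request logs for exactly that pattern. It assumes a constructed, simplified log format from a reverse proxy or firewall placed in front of the camera, with one request per line and a field recording whether an Authorization header was present; real camera or proxy logs will differ, so the regular expression is the part to adapt.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Assumed (constructed) log format, one request per line:
#   <client_ip> <method> <path> <status> auth=<present|absent>
# Adapt LOG_RE to whatever your proxy or firewall actually emits.
LOG_RE = re.compile(
    r"^(?P<ip>\S+) (?P<method>[A-Z]+) (?P<path>\S+) (?P<status>\d{3}) "
    r"auth=(?P<auth>present|absent)$"
)

# Endpoint named in CVE-2024-8956.
TARGET_PATH = "/cgi-bin/param.cgi"


@dataclass
class Finding:
    ip: str
    method: str
    path: str
    status: int
    severity: str
    reason: str


def classify(line: str) -> Optional[Finding]:
    """Return a Finding for a suspicious request to param.cgi, else None."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None  # unparseable line: ignore rather than crash the scan
    path = m["path"]
    # Compare the path without its query string so any parameters still match.
    if path.split("?", 1)[0] != TARGET_PATH:
        return None
    status = int(m["status"])
    auth = m["auth"]
    if auth == "absent" and 200 <= status < 300:
        # A success response to an unauthenticated request is the vulnerable
        # behaviour itself: the camera is unpatched and/or being exploited.
        return Finding(m["ip"], m["method"], path, status, "high",
                       "unauthenticated request to param.cgi succeeded")
    if auth == "absent":
        # Rejected probe: worth knowing about, but the camera behaved correctly.
        return Finding(m["ip"], m["method"], path, status, "medium",
                       "unauthenticated request to param.cgi was rejected")
    return None  # authenticated access is the expected, benign case


def scan(lines: Iterable[str]) -> List[Finding]:
    """Run classify over every line and keep the findings."""
    return [f for f in map(classify, lines) if f is not None]


def sources_by_severity(findings: List[Finding], severity: str) -> List[str]:
    """Distinct client IPs that produced at least one finding of the given severity."""
    return sorted({f.ip for f in findings if f.severity == severity})


# Constructed sample log: RFC 5737 documentation addresses, placeholder query string.
SAMPLE_LOG = """\
203.0.113.10 GET /cgi-bin/param.cgi?placeholder=1 200 auth=absent
203.0.113.10 POST /cgi-bin/param.cgi 200 auth=absent
192.0.2.5 GET /cgi-bin/param.cgi 200 auth=present
198.51.100.7 GET /cgi-bin/param.cgi 401 auth=absent
192.0.2.5 GET /index.html 200 auth=absent
this line is not in the expected format
"""

if __name__ == "__main__":
    results = scan(SAMPLE_LOG.splitlines())
    for f in results:
        print(f"[{f.severity}] {f.ip} {f.method} {f.path} -> {f.status}: {f.reason}")
    print("hosts with successful unauthenticated access:",
          sources_by_severity(results, "high"))
```

On a camera running firmware 6.3.40 or later, every unauthenticated request to the endpoint should land in the medium bucket (rejected); any high-severity finding after the update therefore means the patch did not take effect or the request reached a different, unpatched device.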
**Recommendations**
For PTZOptics PT30X-SDI/NDI-xx versions prior to 6.3.40, update the firmware to version 6.3.40 or later to resolve the issue. As a temporary workaround, restrict access to the /cgi-bin/param.cgi endpoint to minimize the risk of exploitation. Avoid using the camera until the firmware is updated, to prevent potential data leaks and configuration manipulation.