PTZOptics Cameras Actively Exploited!
On this blog we don't usually cover hardware, unless it is a firewall, but security firm Fortinet has reported a sharp increase in cyberattacks targeting PTZOptics security cameras. The attacks exploit two known vulnerabilities that allow remote attackers to gain full control of the affected devices. These vulnerabilities affect cameras running VHD PTZ firmware versions before 6.3.40, which are widely deployed across the healthcare, industrial, business and government sectors.
Vulnerabilities Overview
The vulnerabilities in question are CVE-2024-8956 and CVE-2024-8957, both of which pose a severe risk to organizations relying on PTZOptics cameras.
CVE-2024-8956 – Authentication Bypass
- This flaw arises due to improper validation of request URIs.
- A remote, unauthenticated attacker can send specially crafted requests to the camera's built-in web server.
- Successful exploitation allows attackers to extract sensitive data, including usernames, MD5 password hashes, and configuration settings.
- Attackers can also modify configuration values or overwrite system files.
- CVSS Score: 9.1 (Critical)
You can find our tailored CVE report here.
CVE-2024-8957 – Command Injection Leading to Remote Code Execution
- Once an attacker gains access using CVE-2024-8956, they can exploit this second vulnerability.
- The flaw is caused by improper input sanitization in the ntp_addr field.
- Attackers can inject arbitrary OS commands, leading to remote code execution (RCE) on the device.
- By chaining these vulnerabilities, attackers can completely take over affected PTZOptics cameras without any authentication, allowing them to manipulate video feeds, use the devices in botnets, or even pivot to other networked systems.
You can find our tailored CVE report here.
Recent Attack Surge
Fortinet’s FortiGuard Labs has observed a spike in attack attempts targeting PTZOptics cameras. Their sensors detected over 4,000 devices affected in recent weeks, marking a substantial rise in malicious activity. This spike underscores the ease with which these vulnerabilities can be exploited.
According to Fortinet, threat actors leveraging these exploits may:
- Hijack camera control to disrupt security monitoring.
- Use compromised cameras as attack platforms against other networked devices.
- Deploy botnet infections for large-scale cyberattacks.
- Manipulate video feeds, leading to security breaches in sensitive environments.
Geographic Distribution of Attacks
The highest numbers of attack attempts have been observed in the United States, Japan and South Korea.
These findings indicate a global threat that could impact organizations in multiple industries.
Mitigation and Recommended Actions
Organizations using PTZOptics cameras should take immediate steps to mitigate the risk:
- Upgrade Firmware: Ensure all devices are updated to firmware version 6.3.40 or later. Updates can be found on the PTZOptics Firmware Changelog.
- Restrict Network Access: Prevent unauthorized access by placing cameras behind a firewall and restricting external connections.
- Change Default Credentials: Ensure that default usernames and passwords have been changed to unique, strong credentials.
- Monitor for Unusual Activity: Regularly check logs and network traffic for signs of unauthorized access attempts.
- Implement IPS Rules: Use intrusion prevention systems (IPS) to detect and block malicious request patterns targeting these vulnerabilities.
There are several ways to determine the firmware version: over SSH, through ONVIF Device Manager, through the PTZOptics Upgrade Tool or through the camera's web interface. Of course, you will have to be quick, as a malicious actor can do the same. However, if you use BaseFortify.eu you can check your firmware version from anywhere, at any time. So register for free today!
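As an added example (not code from the original post, Fortinet or PTZOptics), the following Python script covers two of the steps above: it decides whether a reported firmware version is older than the fixed 6.3.40 release, and it scans web-server log lines for requests whose ntp_addr parameter, the field abused by CVE-2024-8957, carries shell metacharacters that never belong in an NTP hostname or IP address. The common/combined log format, the /settings path and the sample log lines are assumptions constructed for the example.

```python
import re
from urllib.parse import unquote

FIXED_VERSION = (6, 3, 40)  # first fixed VHD PTZ firmware version named in the advisory
# Shell metacharacters that never belong in a legitimate NTP hostname or IP address.
SHELL_META = re.compile(r"[;|&`$(){}<>\\'\"\n]")
# Common/combined web-server log format: client IP ... "request line" ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([^"]*)"')

def parse_version(version: str) -> tuple:
    """'6.3.40' -> (6, 3, 40); non-numeric components compare as 0."""
    return tuple(int(p) if p.isdigit() else 0 for p in version.strip().split("."))

def firmware_is_vulnerable(version: str) -> bool:
    """True when the reported firmware is older than 6.3.40."""
    return parse_version(version) < FIXED_VERSION

def ntp_addr_values(request_line: str) -> list:
    """Return every decoded ntp_addr value in the request line's query string."""
    parts = request_line.split(" ")
    if len(parts) < 2 or "?" not in parts[1]:
        return []
    values = []
    for pair in parts[1].split("?", 1)[1].split("&"):  # '&' only, so ';' survives
        key, _, value = pair.partition("=")
        if key == "ntp_addr":
            values.append(unquote(value))
    return values

def suspicious_ntp_addr(request_line: str) -> bool:
    """Flag a request whose ntp_addr parameter carries shell metacharacters."""
    return any(SHELL_META.search(v) for v in ntp_addr_values(request_line))

def scan_log(lines) -> list:
    """Return (client_ip, request_line) for every suspicious request in the log."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and suspicious_ntp_addr(m.group(2)):
            hits.append((m.group(1), m.group(2)))
    return hits

# Constructed sample log; /settings is a placeholder path, not the camera's real endpoint.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Nov/2024:10:00:01 +0000] "GET /settings?ntp_addr=pool.ntp.org HTTP/1.1" 200 51',
    '203.0.113.9 - - [10/Nov/2024:10:00:02 +0000] "GET /settings?ntp_addr=pool.ntp.org%3Bprobe HTTP/1.1" 200 51',
    '203.0.113.9 - - [10/Nov/2024:10:00:03 +0000] "GET /index.html HTTP/1.1" 200 1024',
]
```

Feed scan_log() the camera's or reverse proxy's access log and any hit is worth an alert; a version reported by SSH, ONVIF or the web UI goes straight into firmware_is_vulnerable().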
Conclusion
The rise in attacks against PTZOptics cameras underscores the importance of timely firmware updates and proactive security measures. Organizations relying on these devices should act swiftly to patch vulnerabilities and protect their infrastructure from unauthorized access and potential cyber threats.
For further details and ongoing updates, visit Fortinet’s security advisories and PTZOptics’ official website.
Source: Security.nl & FortiGuard.com