Uncovering Cyber Threats: Hackers Exploit Zero-Day Flaw in PTZ Cameras
Hackers Target Critical Zero-Day Vulnerability in PTZ Cameras
Summary: Cybercriminals are actively seeking to exploit two zero-day vulnerabilities discovered in PTZOptics pan-tilt-zoom (PTZ) live streaming cameras, which are widely used in industrial, healthcare, business conference, government, and courtroom environments.
Introduction
Two critical zero-day vulnerabilities with a perfect 10 CVSS (Common Vulnerability Scoring System) score have been identified in PTZ cameras manufactured by PTZOptics.
The vulnerabilities, tracked under CVE-2021-28372 and CVE-2021-28373, could allow remote attackers to take over the affected devices completely.
The Vulnerabilities Explained
The first vulnerability, CVE-2021-28372, is a pre-authentication command injection flaw in the camera's web server that could enable hackers to control remote actions.
By sending specially crafted HTTP requests, a hacker can inject arbitrary commands into the web interface of the cameras without needing a valid login.
The second vulnerability, CVE-2021-28373, is a path traversal flaw that allows a hacker to read arbitrary files on the device.
By manipulating file paths in requests to the web server, a malicious actor can gain access to confidential information, potentially leading to further exploitation.
The Widespread Impact
PTZ cameras affected by these vulnerabilities are used extensively around the globe.
This makes the potential risk severe and far-reaching, affecting a multitude of environments including industrial complexes, healthcare providers, professional conference settings, governmental buildings, and courtrooms.
Real-world Examples
In 2020, amidst the COVID-19 pandemic, when reliance on video conferencing and remote communication technologies increased, hackers targeted similar vulnerabilities in Zoom video software, affecting millions of users worldwide.
The incident underscored the growing significance of camera security.
What should you do?
While PTZOptics has not yet released a security patch, users should follow standard cybersecurity protocols to mitigate the risk.
Isolate the cameras from the network, use complex login credentials, disable remote access when not needed, and follow basic cybersecurity hygiene.
Ensure strict monitoring to detect any suspicious activity.
Beyond these steps, professionals should alert their cybersecurity teams and IT departments to these vulnerabilities and take the necessary mitigation actions promptly.
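One way to implement the monitoring step, as an added example that is not from PTZOptics or the original article: a Python filter over web access logs (combined log format, assumed to come from a proxy or gateway in front of the cameras) that flags the two request patterns described above, path traversal and shell metacharacters, including double-encoded forms. The log lines, addresses and the `/example.cgi` path are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Combined log format: ip ident user [ts] "METHOD target HTTP/x" status size
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ (?P<user>\S+) \[[^\]]+\] '
    r'"[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
# ".." used as a whole path segment, or directly after "=" in a parameter.
TRAVERSAL_RE = re.compile(r'(^|[/\\=])\.\.([/\\]|$)')
# Characters that chain or substitute commands if a value reaches a shell.
SHELL_META_RE = re.compile(r'[;|`\r\n]|\$\(|&&')

# Constructed sample log lines (hypothetical endpoint and addresses).
SAMPLE_LOG = [
    '10.0.5.20 - admin [01/Jan/2025:10:00:00 +0000] "GET /index.html HTTP/1.1" 200 512',
    '203.0.113.7 - - [01/Jan/2025:10:00:05 +0000] "GET /example.cgi?file=%252e%252e%252f%252e%252e%252fetc%252fpasswd HTTP/1.1" 200 1024',
    '203.0.113.7 - - [01/Jan/2025:10:00:09 +0000] "POST /example.cgi?name=cam1%3Breboot HTTP/1.1" 200 0',
]

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input (%252e) is seen."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(line):
    """Return (source_ip, findings) for one log line, or None if unparseable."""
    m = LOG_RE.match(line)
    if not m:
        return None
    path, _, query = m["target"].partition("?")
    path, query = fully_decode(path), fully_decode(query)
    findings = []
    if TRAVERSAL_RE.search(path) or TRAVERSAL_RE.search(query):
        findings.append("path-traversal")
    if SHELL_META_RE.search(query):
        findings.append("shell-metacharacter")
    if findings and m["user"] == "-":  # "-" means no authenticated user was logged
        findings.append("unauthenticated")
    return m["src"], findings

def scan(lines):
    """Return (source_ip, findings) for every line with at least one finding."""
    return [r for r in map(classify, lines) if r and r[1]]
```

Hits tagged `unauthenticated` match the pre-authentication case described above and deserve the quickest follow-up.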