CVE-2024-8956, CVE-2024-8957: How to Steal a 0-Day RCE (With a Little Help from an LLM)

GreyNoise Labs discovered and disclosed CVE-2024-8956 impacting ValueHD PTZ camera firmware (< 6.3.40). The report shows that the device's param.cgi CGI endpoints can be accessed without proper authentication, leaking configuration and password hashes and allowing unsanitized writes to /data/netport.conf. By controlling the ntp_addr value an attacker can inject shell commands that are executed via a vulnerable ntp_client binary, enabling remote code execution; GreyNoise observed active exploitation in the wild with payloads and attacker C2 IPs documented.