Cybersecurity firm GreyNoise Intelligence is crediting an AI-powered tool for capturing attempts to exploit critical vulnerabilities in live streaming IoT cameras widely deployed at healthcare, industrial operations and government facilities.
GreyNoise said it detected two distinct vulnerabilities — CVE-2024-8956 and CVE-2024-8957 — after an exploit attempt on its Sift automated threat-hunting honeypot system.
“An attacker had developed and automated a zero-day vulnerability exploit, using a broad-spectrum reconnaissance and targeting strategy to run it across the internet,” GreyNoise said in a security bulletin.
The company said the exploit instead hit its global sensor network, where an internal AI technology flagged the unusual activity. “Upon further investigation, GreyNoise researchers discovered the zero-day vulnerabilities. Once exploited, attackers could potentially seize complete control of the cameras, view and/or manipulate video feeds, disable camera operations, and enlist the devices into a botnet to launch denial-of-service attacks.”
The most severe of the two vulnerabilities (CVE-2024-8956) carries a CVSS score of 9.1 out of 10 and allows an attacker to access sensitive information like usernames, MD5 password hashes, and configuration data.
The second bug is rated CVSS 7.2/10 and can be chained with CVE-2024-8956 to execute arbitrary OS commands on the affected cameras, potentially allowing an attacker to seize full control of the system, GreyNoise said.
The company warned that the vulnerabilities impact NDI-enabled pan-tilt-zoom (PTZ) cameras from multiple manufacturers. Affected devices run VHD PTZ camera firmware versions below 6.3.40, used in devices from PTZOptics, Multicam Systems SAS, and SMTAV Corporation.
GreyNoise noted that these cameras typically feature an embedded web server for direct browser access, and are commonly deployed in high-security environments like industrial sites, healthcare facilities, and government institutions.
GreyNoise founder and chief architect Andrew Morris raved about the value of AI-powered technology to help flag this threat. “This isn’t about the specific software or how many people use it — it’s about how AI helped us catch a zero-day exploit we might have missed otherwise,” Morris said.
“We caught it before it could be widely exploited, reported it, and got it patched. The attacker put a lot of effort into developing and automating this exploit, and they hit our sensors. Today it’s a camera, but tomorrow it could be a zero-day in critical enterprise software,” he added.