CRITICAL🇵🇱 Wersja polska

CVE-2025-57432

CVSS 9.8v3.1pub. 2025-09-22upd. 2025-10-14

Blackmagic Web Presenter version 3.3 exposes a Telnet service on port 9977 that accepts unauthenticated commands. This service allows remote attackers to manipulate stream settings, including changing video modes and possibly altering device functionality. No credentials or authentication mechanisms are required to interact with the Telnet interface.

🤖 AI Analysis
How it works

The Telnet service listening on port 9977 accepts commands from any network client without identity verification (no authentication mechanism — CWE-306). An attacker establishes a connection to the service over the network and issues commands directly to the device management interface. No credentials or prior system access are required.

Impact

An attacker can remotely manipulate video stream settings, change video modes, and potentially modify device functionality, which may lead to disruption or takeover of video transmissions.

Mitigation & patch

Apply patches available from the manufacturer according to references. As a temporary measure, it is recommended to block access to TCP port 9977 at the firewall level and isolate devices in a separate network segment inaccessible from the Internet.

Who is affected

Blackmagic Web Presenter HD and Blackmagic Web Presenter 4K with firmware version 3.3

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Blackmagicdesign Web Presenter 4k

    HW
    Blackmagicdesign
    wszystkie wersje
  • Blackmagicdesign Web Presenter 4k Firmware

    OS
    Blackmagicdesign
    3.3
  • Blackmagicdesign Web Presenter Hd

    HW
    Blackmagicdesign
    wszystkie wersje
  • Blackmagicdesign Web Presenter Hd Firmware

    OS
    Blackmagicdesign
    3.3
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2025-57437CRITICAL9.8PL ✓ten sam produkt

Blackmagic Web Presenter HD — ujawnienie wrażliwych danych przez nieuwierzytelniony Telnet

CVE-2025-57441CRITICAL9.8PL ✓ten sam vendor

Blackmagic ATEM Mini Pro – ujawnienie konfiguracji przez nieuwierzytelniony Telnet

CVE-2021-40417CRITICAL9.8ten sam vendor

When parsing a file that is submitted to the DPDecoder service as a job, the service will use the combination ...

CVE-2021-40418CRITICAL9.8ten sam vendor

When parsing a file that is submitted to the DPDecoder service as a job, the R3D SDK will mistakenly skip over...