Blackmagic Web Presenter version 3.3 exposes a Telnet service on port 9977 that accepts unauthenticated commands. This service allows remote attackers to manipulate stream settings, including changing video modes and possibly altering device functionality. No credentials or authentication mechanisms are required to interact with the Telnet interface.
The Telnet service listening on port 9977 accepts commands from any network client without identity verification (no authentication mechanism — CWE-306). An attacker establishes a connection to the service over the network and issues commands directly to the device management interface. No credentials or prior system access are required.
An attacker can remotely manipulate video stream settings, change video modes, and potentially modify device functionality, which may lead to disruption or takeover of video transmissions.
Apply patches available from the manufacturer according to references. As a temporary measure, it is recommended to block access to TCP port 9977 at the firewall level and isolate devices in a separate network segment inaccessible from the Internet.
Blackmagic Web Presenter HD and Blackmagic Web Presenter 4K with firmware version 3.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HBlackmagicdesign Web Presenter 4k
HWBlackmagicdesignwszystkie wersjeBlackmagicdesign Web Presenter 4k Firmware
OSBlackmagicdesign3.3Blackmagicdesign Web Presenter Hd
HWBlackmagicdesignwszystkie wersjeBlackmagicdesign Web Presenter Hd Firmware
OSBlackmagicdesign3.3
Related vulnerabilities
Blackmagic Web Presenter HD — ujawnienie wrażliwych danych przez nieuwierzytelniony Telnet
Blackmagic ATEM Mini Pro – ujawnienie konfiguracji przez nieuwierzytelniony Telnet
When parsing a file that is submitted to the DPDecoder service as a job, the service will use the combination ...
When parsing a file that is submitted to the DPDecoder service as a job, the R3D SDK will mistakenly skip over...