The Blackmagic ATEM Mini Pro 2.7 exposes sensitive device and stream configuration information via an unauthenticated Telnet service on port 9990. Upon connection, the attacker can access a protocol preamble that leaks the video mode, routing configuration, input/output labels, device model, and even internal identifiers such as the unique ID. This can be used for reconnaissance and planning further attacks.
Upon connecting to the Telnet service on port 9990, the device automatically transmits a protocol preamble containing detailed configuration information. This data includes video mode, routing configuration, input and output labels, device model, and internal identifiers, including a unique device ID. The service requires no authentication, meaning any entity with network access to the device can retrieve this information. The disclosed data can be used for detailed environment reconnaissance and planning further attacks.
An attacker gains detailed knowledge of the device configuration and video production environment without requiring any privileges. Collected information can be used to precisely plan further attacks on network infrastructure or services associated with the device.
Patches available from the manufacturer should be applied according to the references. Until an update is applied, it is recommended to block access to port 9990 (Telnet) at the firewall or network switch level and isolate the device in a dedicated VLAN segment inaccessible from the internet or unauthorized user networks.
Blackmagic ATEM Mini Pro with firmware version 2.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HBlackmagicdesign Atem Mini Pro
HWBlackmagicdesignwszystkie wersjeBlackmagicdesign Atem Mini Pro Firmware
OSBlackmagicdesign2.7
Related vulnerabilities
Blackmagic Web Presenter — nieuwierzytelniony dostęp do usługi Telnet
Blackmagic Web Presenter HD — ujawnienie wrażliwych danych przez nieuwierzytelniony Telnet
When parsing a file that is submitted to the DPDecoder service as a job, the service will use the combination ...
When parsing a file that is submitted to the DPDecoder service as a job, the R3D SDK will mistakenly skip over...