CVE-2025-57437
BaseFortify

Publication date: 2025-09-22

Last updated on: 2025-10-10

Assigner: MITRE

Description
The Blackmagic Web Presenter HD firmware version 3.3 exposes sensitive information via an unauthenticated Telnet service on port 9977. When connected, the service reveals extensive device configuration data including:
- Model, version, and unique identifiers
- Network settings including IP, MAC, DNS
- Current stream platform, stream key, and streaming URL
- Audio/video configuration

This data can be used to hijack live streams or perform network reconnaissance.
Meta Information
Published: 2025-09-22
Last Modified: 2025-10-10
Generated: 2026-05-07
AI Q&A: 2025-09-22
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 2 associated CPEs
Vendor | Product | Version / Range
blackmagicdesign | web_presenter_hd_firmware | 3.3
blackmagicdesign | web_presenter_hd | *
CWE ID | Description
CWE-200 | The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
AI Powered Q&A
Can you explain this vulnerability to me?

The Blackmagic Web Presenter HD firmware version 3.3 has an unauthenticated Telnet service running on port 9977 that exposes sensitive device information. This includes model details, version, unique identifiers, network settings (IP, MAC, DNS), current streaming platform details, stream key, streaming URL, and audio/video configuration. This exposure allows attackers to access critical configuration data without authentication.


How can this vulnerability impact me?

This vulnerability can lead to hijacking of live streams by exposing stream keys and URLs, and it can also be used for network reconnaissance by revealing detailed network and device configuration information. This can result in unauthorized access, disruption of streaming services, and potential further attacks on the network.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by scanning your network for devices running the Blackmagic Web Presenter HD firmware version 3.3 that have an open Telnet service on port 9977. You can use network scanning tools such as nmap with the command: nmap -p 9977 --open <target-ip-range>. Additionally, attempting to connect to port 9977 using a Telnet client (e.g., telnet <device-ip> 9977) and checking if sensitive configuration data is exposed can confirm the vulnerability.
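
The connection check described above can be run across a device inventory with the following script. It is an added example, not code from this page or from the vendor. It assumes the service sends its data as soon as a client connects, and the names `probe` and `audit` are hypothetical. Only the number of bytes received is recorded, so stream keys do not end up in audit logs.

```python
import socket
import sys

PORT = 9977  # Telnet service port named in the CVE description


def probe(host, port=PORT, timeout=3.0):
    """Classify one host as ('closed' | 'open-silent' | 'exposed', byte_count).

    'exposed' means the service returned data before the client sent
    anything, i.e. with no authentication step (assumed behaviour).
    The payload is discarded; only its length is kept.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            try:
                data = s.recv(4096)
            except socket.timeout:
                return ("open-silent", 0)  # port open, nothing volunteered
            return ("exposed", len(data)) if data else ("open-silent", 0)
    except OSError:
        return ("closed", 0)  # refused, filtered or unreachable


def audit(hosts, port=PORT, timeout=3.0):
    """Probe each host and return only those that need follow-up."""
    findings = []
    for host in hosts:
        status, nbytes = probe(host, port, timeout)
        if status != "closed":
            findings.append({"host": host, "status": status, "bytes": nbytes})
    return findings


if __name__ == "__main__":
    # Usage: python audit_9977.py <device-ip> [<device-ip> ...]
    for f in audit(sys.argv[1:]):
        print(f"{f['host']}:{PORT} {f['status']} ({f['bytes']} bytes unauthenticated)")
```

Hosts reported as `open-silent` still have the port reachable and should be covered by the same access restrictions as `exposed` ones.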


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include disabling the unauthenticated Telnet service on port 9977 if possible, restricting network access to this port to trusted administrators only, and updating the device firmware if a patch is available. If disabling Telnet is not feasible, consider placing the device behind a firewall or network segmentation to limit exposure.

