CVE-2025-57437
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-22

Last updated on: 2025-10-10

Assigner: MITRE

Description
The Blackmagic Web Presenter HD firmware version 3.3 exposes sensitive information via an unauthenticated Telnet service on port 9977. When connected, the service reveals extensive device configuration data including: - Model, version, and unique identifiers - Network settings including IP, MAC, DNS - Current stream platform, stream key, and streaming URL - Audio/video configuration This data can be used to hijack live streams or perform network reconnaissance.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-22
Last Modified
2025-10-10
Generated
2026-06-16
AI Q&A
2025-09-22
EPSS Evaluated
2026-06-15
NVD
CVE-2025-57437
EUVD
EUVD-2025-30803
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
blackmagicdesign web_presenter_hd_firmware 3.3
blackmagicdesign web_presenter_hd *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-200 The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

The Blackmagic Web Presenter HD firmware version 3.3 has an unauthenticated Telnet service running on port 9977 that exposes sensitive device information. This includes model details, version, unique identifiers, network settings (IP, MAC, DNS), current streaming platform details, stream key, streaming URL, and audio/video configuration. This exposure allows attackers to access critical configuration data without authentication.

Impact Analysis

This vulnerability can lead to hijacking of live streams by exposing stream keys and URLs, and it can also be used for network reconnaissance by revealing detailed network and device configuration information. This can result in unauthorized access, disruption of streaming services, and potential further attacks on the network.

Detection Guidance

This vulnerability can be detected by scanning your network for devices running the Blackmagic Web Presenter HD firmware version 3.3 that have an open Telnet service on port 9977. You can use network scanning tools such as nmap with the command: nmap -p 9977 --open <target-ip-range>. Additionally, attempting to connect to port 9977 using a Telnet client (e.g., telnet <device-ip> 9977) and checking if sensitive configuration data is exposed can confirm the vulnerability.

Mitigation Strategies

Immediate mitigation steps include disabling the unauthenticated Telnet service on port 9977 if possible, restricting network access to this port to trusted administrators only, and updating the device firmware if a patch is available. If disabling Telnet is not feasible, consider placing the device behind a firewall or network segmentation to limit exposure.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-57437. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart