Can you explain this vulnerability to me?

The Blackmagic ATEM Mini Pro 2.7 has an undocumented Telnet service running on TCP port 9993 that accepts unauthenticated plaintext commands. This service, called the ATEM Ethernet Protocol 1.0, allows anyone on the same network or with remote access to the port to control streaming, recording, format storage devices, and reboot the system without needing credentials or encryption.

Useful 0 Not Useful 0

How can this vulnerability impact me? :

An attacker exploiting this vulnerability can gain full remote control of the device, including executing arbitrary streaming commands, erasing disks, or shutting down the device. This could disrupt operations, cause data loss, or allow unauthorized control over streaming content.

Useful 0 Not Useful 0

How can this vulnerability be detected on my network or system? Can you suggest some commands?

You can detect this vulnerability by scanning your network for devices with TCP port 9993 open, which indicates the presence of the undocumented Telnet service. Using tools like nmap, you can run the command: nmap -p 9993 <target-ip>. Additionally, attempting to connect via telnet to port 9993 (telnet <target-ip> 9993) and checking for an unauthenticated prompt or response can confirm the vulnerability.

Useful 0 Not Useful 0

What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include restricting network access to TCP port 9993 by implementing firewall rules to block or limit access to this port, especially from untrusted networks. If possible, disable the Telnet service on the device or isolate the device on a secure network segment. Monitoring network traffic for connections to port 9993 can also help detect exploitation attempts.

Useful 0 Not Useful 0