CVE-2025-57437
Blackmagic Web Presenter HD firmware · Multiple Products
Executive summary
A critical vulnerability exists in the Blackmagic Web Presenter HD firmware that exposes extensive, sensitive device configuration details. An unauthenticated attacker can easily connect to an open service on the network to access this information, potentially leading to broadcast hijacking, service disruption, and unauthorized access to streaming platforms.
Vulnerability
The affected firmware runs an unauthenticated Telnet service on TCP port 9977. Any remote attacker with network access to the device can connect to this port using a standard Telnet client without needing to provide any credentials. Upon a successful connection, the service automatically discloses extensive device configuration data, which may include network settings, streaming keys for platforms like YouTube or Twitch, device identifiers, and other sensitive operational information.
Business impact
This vulnerability is rated as critical severity with a CVSS score of 9.8. Exploitation could lead to severe business consequences, including the complete compromise of live broadcasting operations. An attacker could use the exposed streaming keys to hijack a live stream, broadcast malicious content, or cause a denial of service by terminating the stream. The disclosure of network configuration details also provides a foothold for attackers to conduct further reconnaissance and lateral movement within the corporate network, posing a significant risk to the broader organization. The potential for reputational damage from a compromised public broadcast is extremely high.
Remediation
Immediate Action: Immediately update all affected Blackmagic Web Presenter HD devices to the latest firmware version provided by the vendor to close the unauthenticated service. After patching, review device access logs for any signs of compromise and monitor for any further exploitation attempts.
Proactive Monitoring: Security teams should actively monitor network traffic for any inbound connections to TCP port 9977 targeting Blackmagic devices. Configure network monitoring and intrusion detection systems (IDS) to alert on such activity. Review streaming platform logs for any unusual activity, such as streams originating from unexpected IP addresses or unauthorized changes to stream configurations.
Compensating Controls: If immediate patching is not feasible, implement the following controls to mitigate risk:
- Firewall Rules: Create strict firewall rules to block all inbound access to TCP port 9977 from any untrusted network. If management access is required, restrict it to a small set of authorized IP addresses.
- Network Segmentation: Isolate the Web Presenter devices on a dedicated, restricted network segment (VLAN) to limit their exposure to the broader internal network and prevent unauthorized access.
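The monitoring and firewall allowlist guidance above can be checked against flow logs. The following is an added example, not part of the original advisory or any vendor tooling. The log format, device subnet, management allowlist and sample records are all constructed assumptions. Because the service discloses its configuration on connect, any flow where the device returned bytes is treated as a likely disclosure.

```python
import csv
import io
import ipaddress

VULN_PORT = 9977  # unauthenticated Telnet service named in the advisory

# Assumptions (constructed for this example, not from the advisory):
DEVICE_NET = ipaddress.ip_network("10.20.30.0/28")    # VLAN holding the Web Presenters
MGMT_ALLOW = [ipaddress.ip_network("10.20.0.10/32")]  # authorized management hosts

# Constructed flow records: ts,src,dst,dport,proto,resp_bytes
SAMPLE_FLOWS = """\
2025-01-01T10:00:00Z,10.20.0.10,10.20.30.2,9977,tcp,1840
2025-01-01T10:05:12Z,10.50.7.23,10.20.30.2,9977,tcp,1795
2025-01-01T10:05:40Z,203.0.113.9,10.20.30.3,9977,tcp,0
2025-01-01T10:06:01Z,10.50.7.23,10.20.30.2,443,tcp,5120
2025-01-01T10:07:30Z,10.50.7.23,10.99.1.1,9977,tcp,300
2025-01-01T10:08:00Z,not-an-ip,10.20.30.2,9977,tcp,10
"""

def triage(flow_text):
    """Return alerts for non-allowlisted connections to device port 9977."""
    alerts = []
    for row in csv.reader(io.StringIO(flow_text)):
        if len(row) != 6:
            continue  # skip blank or malformed lines
        ts, src, dst, dport, proto, resp_bytes = row
        try:
            src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
            dport, resp_bytes = int(dport), int(resp_bytes)
        except ValueError:
            continue  # unparseable address or number
        if proto != "tcp" or dport != VULN_PORT or dst_ip not in DEVICE_NET:
            continue
        if any(src_ip in net for net in MGMT_ALLOW):
            continue  # expected management traffic
        # Bytes returned by the device mean its configuration was likely sent.
        severity = "exposed" if resp_bytes > 0 else "attempt"
        alerts.append({"ts": ts, "src": src, "dst": dst, "severity": severity})
    return alerts

def devices_with_likely_disclosure(alerts):
    """Devices whose configuration should be treated as disclosed."""
    return sorted({a["dst"] for a in alerts if a["severity"] == "exposed"})

if __name__ == "__main__":
    found = triage(SAMPLE_FLOWS)
    for alert in found:
        print(alert)
    print("treat configuration as disclosed on:", devices_with_likely_disclosure(found))
```

An "attempt" alert with zero response bytes is consistent with the firewall rule working; an "exposed" alert means the block is missing or the allowlist is too broad.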
Exploitation status
Public Exploit Available: False
Analyst recommendation
Given the critical CVSS score of 9.8 and the simplicity of exploitation, this vulnerability presents a severe and immediate risk to the organization. While this CVE is not currently listed in the CISA KEV catalog, its potential impact on broadcast operations warrants an urgent response. We strongly recommend that all affected Blackmagic Web Presenter HD devices be patched immediately. If patching cannot be performed right away, the compensating controls, particularly firewall rules blocking port 9977, must be implemented as a top priority to prevent a compromise.