The Blackmagic ATEM Mini Pro 2.7 exposes an undocumented Telnet service on TCP port 9993, which accepts unauthenticated plaintext commands for controlling streaming, recording, formatting storage devices, and system reboot. This interface, referred to as the "ATEM Ethernet Protocol 1.0", provides complete device control without requiring credentials or encryption. An attacker on the same network (or with remote access to the exposed port) can exploit this interface to execute arbitrary streaming commands, erase disks, or shut down the device - effectively gaining full remote control.
Metrics
Affected Vendors & Products
| Vendors | Products |
|---|---|
| Blackmagic |
|
No data.
No data.
References
History
Tue, 23 Sep 2025 16:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Blackmagic
Blackmagic atem Mini Pro |
|
| Vendors & Products |
Blackmagic
Blackmagic atem Mini Pro |
Mon, 22 Sep 2025 17:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | The Blackmagic ATEM Mini Pro 2.7 exposes an undocumented Telnet service on TCP port 9993, which accepts unauthenticated plaintext commands for controlling streaming, recording, formatting storage devices, and system reboot. This interface, referred to as the "ATEM Ethernet Protocol 1.0", provides complete device control without requiring credentials or encryption. An attacker on the same network (or with remote access to the exposed port) can exploit this interface to execute arbitrary streaming commands, erase disks, or shut down the device - effectively gaining full remote control. | |
| References |
|
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2025-09-22T00:00:00.000Z
Updated: 2025-09-22T17:32:28.933Z
Reserved: 2025-08-17T00:00:00.000Z
Link: CVE-2025-57440
Vulnrichment
No data.
NVD
Status : Awaiting Analysis
Published: 2025-09-22T18:15:45.830
Modified: 2025-09-22T21:22:33.590
Link: CVE-2025-57440
Redhat
No data.