Blackmagic ATEM Mini Pro Information Disclosure Vulnerability via Unauthenticated Telnet Service
Vulnerability
A vulnerability in the Blackmagic ATEM Mini Pro has been identified, allowing sensitive device and stream configuration information to be accessed through an unauthenticated Telnet service on port 9990. This exposure includes details such as the video mode, routing configuration, input/output labels, device model, and internal identifiers like the unique ID. The vulnerability could be exploited for reconnaissance purposes, facilitating further attacks.
Impact
Successful exploitation of this vulnerability allows for unauthorized access to sensitive device information, including stream configurations, device metadata, and routing details, without the need for authentication.
Reproduction
To reproduce this vulnerability, connect to the affected device using Telnet on port 9990. Once connected, the protocol preamble will be received, disclosing various sensitive details about the device and its configuration.
Remediation
It is recommended to block or disable access to port 9990 from untrusted networks, restrict Telnet access to trusted internal IPs, and consider upgrading the firmware if a newer version addresses this vulnerability.
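One way to confirm the block is effective, as an added example that is not part of the original advisory or any vendor code: run it from the network segment that should no longer reach port 9990, against your own device inventory. The function names, status labels and the 192.0.2.x addresses are constructed for illustration.

```python
import socket

ATEM_PORT = 9990  # service port named in the advisory


def check_exposure(host, port=ATEM_PORT, timeout=3.0):
    """Classify one address as 'closed', 'open-silent' or 'exposed'."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "closed"  # refused, filtered or unreachable from this segment
    with sock:
        sock.settimeout(timeout)
        try:
            # Send nothing: the finding is that the service volunteers its
            # preamble to any client that connects, with no authentication.
            data = sock.recv(4096)
        except OSError:  # includes socket.timeout
            return "open-silent"
    # Only report whether data arrived; the content is never stored or printed.
    return "exposed" if data else "open-silent"


def audit(hosts, port=ATEM_PORT, timeout=3.0):
    """Check every address in your own inventory; return {host: status}."""
    return {h: check_exposure(h, port, timeout) for h in hosts}


if __name__ == "__main__":
    # Constructed placeholder inventory (RFC 5737 documentation range).
    inventory = ["192.0.2.10", "192.0.2.11"]
    for host, status in audit(inventory).items():
        print(f"{host}:{ATEM_PORT} {status}")
```

Any result other than `closed` from an untrusted segment means the filtering rule is not in effect for that device.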
