The Blackmagic Web Presenter HD firmware version 3.3 exposes sensitive information via an unauthenticated Telnet service on port 9977. When connected, the service reveals extensive device configuration data including: - Model, version, and unique identifiers - Network settings including IP, MAC, DNS - Current stream platform, stream key, and streaming URL - Audio/video configuration This data can be used to hijack live streams or perform network reconnaissance.
References
| Link | Resource |
|---|---|
| https://github.com/shiky8/my--cve-vulnerability-research/tree/main/CVE-2025-57437 | Exploit Third Party Advisory |
| https://www.blackmagicdesign.com/ | Product |
Configurations
Configuration 1 (hide)
| AND |
|
History
10 Oct 2025, 21:03
| Type | Values Removed | Values Added |
|---|---|---|
| First Time |
Blackmagicdesign
Blackmagicdesign web Presenter Hd Blackmagicdesign web Presenter Hd Firmware |
|
| References | () https://github.com/shiky8/my--cve-vulnerability-research/tree/main/CVE-2025-57437 - Exploit, Third Party Advisory | |
| References | () https://www.blackmagicdesign.com/ - Product | |
| CPE | cpe:2.3:o:blackmagicdesign:web_presenter_hd_firmware:3.3:*:*:*:*:*:*:* cpe:2.3:h:blackmagicdesign:web_presenter_hd:-:*:*:*:*:*:*:* |
22 Sep 2025, 18:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2025-09-22 18:15
Updated : 2025-10-10 21:03
NVD link : CVE-2025-57437
Mitre link : CVE-2025-57437
CVE.ORG link : CVE-2025-57437
JSON object : View
Products Affected
blackmagicdesign
- web_presenter_hd
- web_presenter_hd_firmware
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor