PT-2025-38761 · Blackmagic Design · Atem Mini Pro

Published: 2025-09-22 · Updated: 2025-09-22 · CVE-2025-57440

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: Blackmagic ATEM Mini Pro version 2.7

Description: The Blackmagic ATEM Mini Pro 2.7 device exposes an undocumented Telnet service on TCP port 9993. This service accepts unauthenticated plaintext commands, allowing control over streaming, recording, storage device formatting, and system reboot. The interface, known as the "ATEM Ethernet Protocol 1.0", grants complete device control without authentication or encryption. An attacker on the same network or with remote access to the exposed port can execute arbitrary streaming commands, erase disks, or shut down the device, gaining full remote control. The API endpoint is accessible via TCP port 9993.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Resource Exhaustion

Weakness Enumeration

Related Identifiers: CVE-2025-57440

Affected Products: Atem Mini Pro