CVE-2023-53771

Published: Dec 9, 2025Modified: Dec 19, 2025

9.3

Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Show more

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less

Source: disclosure@vulncheck.com (Secondary)

Description

MiniDVBLinux 5.4 contains an authentication bypass vulnerability that allows remote attackers to change the root password without authentication. Attackers can send crafted POST requests to the system setup endpoint with modified SYSTEM_PASSWORD parameters to reset root credentials.

Affected (1)

Products: Minidvblinux: Minidvblinux

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Minidvblinux Minidvblinux	Up to 5.4

Related CWEs

Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

References (4)

https://www.exploit-db.com/exploits/51094

Source: disclosure@vulncheck.com

ExploitThird Party AdvisoryVDB Entry

https://www.minidvblinux.de

Source: disclosure@vulncheck.com

Product

https://www.vulncheck.com/advisories/minidvblinux-unauthenticated-root-password-change-via-system-setup

Source: disclosure@vulncheck.com

Third Party Advisory

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5715.php

Source: disclosure@vulncheck.com

ExploitThird Party Advisory

Timeline

No history available yet.