Minidvblinux

minidvblinux

7 CVEs • 1 product

Products (1)

Click to collapse

Toggle

CVEs (7)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-50691 1Minidvblinux 1Minidvblinux Jan 12, 2026 Dec 30, 2025 9.3 CRITICAL· v4 9.8 CRITICAL· v3 N/A· v2 MiniDVBLinux 5.4 contains a remote command execution vulnerability that allows unauthenticated attackers to execute arbitrary commands as root through the 'command' GET parameter. Attackers can exploit the /tpl/commands....Show more MiniDVBLinux 5.4 contains a remote command execution vulnerability that allows unauthenticated attackers to execute arbitrary commands as root through the 'command' GET parameter. Attackers can exploit the /tpl/commands.sh endpoint by sending malicious command values to gain root-level system access.Show less
CVE-2023-53774 1Minidvblinux 1Minidvblinux Dec 19, 2025 Dec 9, 2025 6.9 MEDIUM· v4 9.8 CRITICAL· v3 N/A· v2 MiniDVBLinux 5.4 contains a remote code execution vulnerability in the SVDRP protocol that allows remote attackers to send commands to manipulate TV systems. Attackers can send crafted SVDRP commands through the svdrpsen...Show more MiniDVBLinux 5.4 contains a remote code execution vulnerability in the SVDRP protocol that allows remote attackers to send commands to manipulate TV systems. Attackers can send crafted SVDRP commands through the svdrpsend.sh script to execute messages and potentially control the video disk recorder remotely.Show less
CVE-2023-53773 1Minidvblinux 1Minidvblinux Dec 19, 2025 Dec 9, 2025 8.7 HIGH· v4 5.3 MEDIUM· v3 N/A· v2 MiniDVBLinux 5.4 contains an unauthenticated vulnerability in the tv_action.sh script that allows remote attackers to generate live stream snapshots through the Simple VDR Protocol. Attackers can request /tpl/tv_action.s...Show more MiniDVBLinux 5.4 contains an unauthenticated vulnerability in the tv_action.sh script that allows remote attackers to generate live stream snapshots through the Simple VDR Protocol. Attackers can request /tpl/tv_action.sh to create and retrieve a live TV screenshot stored in /var/www/images/tv.jpg without authentication.Show less
CVE-2023-53772 1Minidvblinux 1Minidvblinux Dec 19, 2025 Dec 9, 2025 8.7 HIGH· v4 7.5 HIGH· v3 N/A· v2 MiniDVBLinux 5.4 contains an arbitrary file disclosure vulnerability that allows attackers to read sensitive system files through the 'file' GET parameter. Attackers can exploit the about page by supplying file paths to...Show more MiniDVBLinux 5.4 contains an arbitrary file disclosure vulnerability that allows attackers to read sensitive system files through the 'file' GET parameter. Attackers can exploit the about page by supplying file paths to disclose arbitrary file contents on the affected device.Show less
CVE-2023-53771 1Minidvblinux 1Minidvblinux Dec 19, 2025 Dec 9, 2025 9.3 CRITICAL· v4 9.8 CRITICAL· v3 N/A· v2 MiniDVBLinux 5.4 contains an authentication bypass vulnerability that allows remote attackers to change the root password without authentication. Attackers can send crafted POST requests to the system setup endpoint with...Show more MiniDVBLinux 5.4 contains an authentication bypass vulnerability that allows remote attackers to change the root password without authentication. Attackers can send crafted POST requests to the system setup endpoint with modified SYSTEM_PASSWORD parameters to reset root credentials.Show less
CVE-2023-53770 1Minidvblinux 1Minidvblinux Dec 19, 2025 Dec 9, 2025 8.7 HIGH· v4 7.5 HIGH· v3 N/A· v2 MiniDVBLinux 5.4 contains an unauthenticated configuration download vulnerability that allows remote attackers to access sensitive system configuration files through a direct object reference. Attackers can exploit the b...Show more MiniDVBLinux 5.4 contains an unauthenticated configuration download vulnerability that allows remote attackers to access sensitive system configuration files through a direct object reference. Attackers can exploit the backup download endpoint by sending a GET request with 'action=getconfig' to retrieve a complete system configuration archive containing sensitive credentials.Show less
CVE-2025-25038 1Minidvblinux 1Minidvblinux Dec 22, 2025 Jun 20, 2025 9.3 CRITICAL· v4 9.8 CRITICAL· v3 N/A· v2 An OS command injection vulnerability exists in MiniDVBLinux version 5.4 and earlier. The system’s web-based management interface fails to properly sanitize user-supplied input before passing it to operating system comma...Show more An OS command injection vulnerability exists in MiniDVBLinux version 5.4 and earlier. The system’s web-based management interface fails to properly sanitize user-supplied input before passing it to operating system commands. A remote unauthenticated attacker can exploit this vulnerability to execute arbitrary commands as the root user, potentially compromising the entire device. Exploitation evidence was observed by the Shadowserver Foundation on 2024-04-10 UTC.Show less