CVE-2023-53771
9.3
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
Summary
MiniDVBLinux 5.4 contains an authentication bypass vulnerability that allows remote attackers to change the root password without authentication. Attackers can send crafted POST requests to the system setup endpoint with modified SYSTEM_PASSWORD parameters to reset root credentials.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| MiniDVBLinux | MiniDVBLinux Change Root Password PoC | <=5.4 | affected |
Weaknesses
- CWE-306: CWE-306: Missing Authentication for Critical Function
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: yes
- Technical Impact: total
References
- https://www.exploit-db.com/exploits/51094
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5715.php
- https://www.minidvblinux.de
- https://www.vulncheck.com/advisories/minidvblinux-unauthenticated-root-password-change-via-system-setup
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.