CVE-2023-53774
6.9
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
Summary
MiniDVBLinux 5.4 contains a remote code execution vulnerability in the SVDRP protocol that allows remote attackers to send commands to manipulate TV systems. Attackers can send crafted SVDRP commands through the svdrpsend.sh script to execute messages and potentially control the video disk recorder remotely.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| MiniDVBLinux | Simple VideoDiskRecorder Protocol SVDRP (svdrpsend.sh) Exploit | <=5.4 | affected |
Weaknesses
- CWE-306: CWE-306: Missing Authentication for Critical Function
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: yes
- Technical Impact: total
References
- https://www.exploit-db.com/exploits/51093
- https://www.linuxtv.org/vdrwiki/index.php/SVDRP#The_commands
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5714.php
- https://www.minidvblinux.de
- https://www.vulncheck.com/advisories/minidvblinux-simple-videodiskrecorder-protocol-remote-code-execution
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.