CVE-2023-53771 | THREATINT

Description

MiniDVBLinux 5.4 contains an authentication bypass vulnerability that allows remote attackers to change the root password without authentication. Attackers can send crafted POST requests to the system setup endpoint with modified SYSTEM_PASSWORD parameters to reset root credentials.

PUBLISHED Reserved 2025-12-08 | Published 2025-12-09 | Updated 2025-12-09 | Assigner VulnCheck

CRITICAL: 9.3CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Problem types

CWE-306: Missing Authentication for Critical Function

Product status

Default status

unaffected

<=5.4

affected

Credits

LiquidWorm as Gjoko Krstic of Zero Science Lab finder

References

www.exploit-db.com/exploits/51094 (ExploitDB-51094) exploit

www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5715.php (Zero Science Lab Disclosure (ZSL-2022-5715)) third-party-advisory

www.minidvblinux.de (Official Product Homepage) product

www.vulncheck.com/...d-root-password-change-via-system-setup (VulnCheck Advisory: MiniDVBLinux 5.4 Unauthenticated Root Password Change via System Setup) third-party-advisory

cve.org (CVE-2023-53771)

nvd.nist.gov (CVE-2023-53771)