Description

MiniDVBLinux 5.4 contains an arbitrary file disclosure vulnerability that allows attackers to read sensitive system files through the 'file' GET parameter. Attackers can exploit the about page by supplying file paths to disclose arbitrary file contents on the affected device.

PUBLISHED Reserved 2025-12-08 | Published 2025-12-09 | Updated 2025-12-09 | Assigner VulnCheck




HIGH: 8.7 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N)

Problem types

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Product status

Default status: unaffected

<=5.4: affected

Credits

LiquidWorm as Gjoko Krstic of Zero Science Lab (finder)

References

www.exploit-db.com/exploits/51097 (ExploitDB-51097) [exploit]

www.minidvblinux.de (MiniDVBLinux Product Homepage) [product]

www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5719.php (Zero Science Lab Disclosure (ZSL-2022-5719)) [third-party-advisory]

www.vulncheck.com/...-file-read-vulnerability-via-about-page (VulnCheck Advisory: MiniDVBLinux 5.4 Arbitrary File Read Vulnerability via About Page) [third-party-advisory]

cve.org (CVE-2023-53772)

nvd.nist.gov (CVE-2023-53772)