CVE-2023-53773 | THREATINT

Description

MiniDVBLinux 5.4 contains an unauthenticated vulnerability in the tv_action.sh script that allows remote attackers to generate live stream snapshots through the Simple VDR Protocol. Attackers can request /tpl/tv_action.sh to create and retrieve a live TV screenshot stored in /var/www/images/tv.jpg without authentication.

PUBLISHED Reserved 2025-12-08 | Published 2025-12-09 | Updated 2025-12-09 | Assigner VulnCheck

HIGH: 8.7CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Problem types

CWE-306: Missing Authentication for Critical Function

Product status

Default status

unaffected

<=5.4

affected

Credits

LiquidWorm as Gjoko Krstic of Zero Science Lab finder

References

www.exploit-db.com/exploits/51095 (ExploitDB-51095) exploit

www.minidvblinux.de (MiniDVBLinux Product Homepage) product

www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5716.php (Zero Science Lab Disclosure (ZSL-2022-5716)) third-party-advisory

www.vulncheck.com/...d-live-stream-disclosure-via-tvactionsh (VulnCheck Advisory: MiniDVBLinux 5.4 Unauthenticated Live Stream Disclosure via tv_action.sh) third-party-advisory

cve.org (CVE-2023-53773)

nvd.nist.gov (CVE-2023-53773)