CVE-2023-53771

Severity: Critical

Description

MiniDVBLinux 5.4 contains an authentication bypass vulnerability that allows remote attackers to change the root password without authentication. Attackers can send crafted POST requests to the system setup endpoint with modified SYSTEM_PASSWORD parameters to reset root credentials.

References

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5715.php

https://www.vulncheck.com/advisories/minidvblinux-unauthenticated-root-password-change-via-system-setup

https://www.minidvblinux.de

https://www.exploit-db.com/exploits/51094

Details

Source: Mitre, NVD

Published: 2025-12-09

Updated: 2025-12-12

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

CVSS v4

Base Score: 9.3

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Severity: Critical

EPSS

EPSS: 0.00578