CVE-2023-53770

HIGH

MiniDVBLinux 5.4 - Unauthenticated Sensitive Configuration Download via Backup Endpoint

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-53770. PoCs published by LiquidWorm.

AI-analyzed exploit summary The exploit demonstrates an unauthenticated configuration download vulnerability in MiniDVBLinux <=5.4. By sending a crafted HTTP GET request to the backup function, an attacker can disclose sensitive information, including system configuration files and password hashes.

Description

MiniDVBLinux 5.4 contains an unauthenticated configuration download vulnerability that allows remote attackers to access sensitive system configuration files through a direct object reference. Attackers can exploit the backup download endpoint by sending a GET request with 'action=getconfig' to retrieve a complete system configuration archive containing sensitive credentials.

Exploits (1)

exploitdb WORKING POC

by LiquidWorm · textremotehardware

https://www.exploit-db.com/exploits/51091

View Code ZIP pw:eip

The exploit demonstrates an unauthenticated configuration download vulnerability in MiniDVBLinux <=5.4. By sending a crafted HTTP GET request to the backup function, an attacker can disclose sensitive information, including system configuration files and password hashes.

Classification

Working Poc 100%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: MiniDVBLinux <=5.4

No auth needed

Prerequisites: Network access to the target system · Target system running MiniDVBLinux <=5.4

MITRE ATT&CK

T1592 - Gather Victim Host Information T1082 - System Information Discovery

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (4)

Core 4

Core References

Product product

https://www.minidvblinux.de

Exploit, Third Party Advisory, VDB Entry exploit

https://www.exploit-db.com/exploits/51091

Exploit, Third Party Advisory third-party-advisory

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5713.php

Third Party Advisory third-party-advisory

https://www.vulncheck.com/advisories/minidvblinux-unauthenticated-configuration-download-via-backup-endpoint

Scores

CVSS v3 7.5

EPSS 0.0047

EPSS Percentile 36.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-260

Status published

Products (2)

minidvblinux/minidvblinux < 5.4

MiniDVBLinux/MiniDVBLinux(TM) Distribution (MLD) <=5.4

Published Dec 09, 2025

Tracked Since Feb 18, 2026