CVE-2023-53771

CRITICAL

MiniDVBLinux 5.4 - Auth Bypass

Title source: llm

Description

MiniDVBLinux 5.4 contains an authentication bypass vulnerability that allows remote attackers to change the root password without authentication. Attackers can send crafted POST requests to the system setup endpoint with modified SYSTEM_PASSWORD parameters to reset root credentials.

Exploits (1)

exploitdb WORKING POC

by LiquidWorm · textremotehardware

https://www.exploit-db.com/exploits/51094

View Code ZIP pw:eip

References (4)

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/51094

[Product] https://www.minidvblinux.de

[Third Party Advisory] https://www.vulncheck.com/advisories/minidvblinux-unauthenticated-root-password-change-via-system-setup

[Exploit, Third Party Advisory] https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5715.php

Scores

CVSS v3 9.8

EPSS 0.0163

EPSS Percentile 82.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-306

Status published

Products (2)

minidvblinux/minidvblinux < 5.4

MiniDVBLinux/MiniDVBLinux Change Root Password PoC <=5.4

Published Dec 09, 2025

Tracked Since Feb 18, 2026