CVE-2023-53771

CRITICAL

MiniDVBLinux 5.4 - Auth Bypass

Title source: llm

Description

MiniDVBLinux 5.4 contains an authentication bypass vulnerability that allows remote attackers to change the root password without authentication. Attackers can send crafted POST requests to the system setup endpoint with modified SYSTEM_PASSWORD parameters to reset root credentials.

Exploits (1)

exploitdb WORKING POC

by LiquidWorm · textremotehardware

https://www.exploit-db.com/exploits/51094

View Code ZIP pw:eip

References (4)

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/51094

[Product] https://www.minidvblinux.de

[Third Party Advisory] https://www.vulncheck.com/advisories/minidvblinux-unauthenticated-root-password-change-via-system-setup

[Exploit, Third Party Advisory] https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5715.php

Scores

CVSS v3 9.8

EPSS 0.0140

EPSS Percentile 80.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-306

Status published

Affected Products (1)

minidvblinux/minidvblinux < 5.4

Timeline

Published Dec 09, 2025

Tracked Since Feb 18, 2026