MiniDVBLinux 5.4 contains an authentication bypass vulnerability that allows remote attackers to change the root password without authentication. Attackers can send crafted POST requests to the system setup endpoint with modified SYSTEM_PASSWORD parameters to reset root credentials.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XMinidvblinux
APPMinidvblinux≤ 5.4
Related vulnerabilities
MiniDVBLinux 5.4 — zdalny RCE jako root przez command injection
MiniDVBLinux ≤5.4 — OS command injection z pominięciem uwierzytelnienia
MiniDVBLinux 5.4 contains an unauthenticated configuration download vulnerability that allows remote attackers...
MiniDVBLinux 5.4 contains an arbitrary file disclosure vulnerability that allows attackers to read sensitive s...
MiniDVBLinux 5.4 contains an unauthenticated vulnerability in the tv_action.sh script that allows remote attac...