HIGH🇵🇱 Wersja polska

CVE-2023-53772

CVSS 8.7v4.0pub. 2025-12-09upd. 2025-12-19

MiniDVBLinux 5.4 contains an arbitrary file disclosure vulnerability that allows attackers to read sensitive system files through the 'file' GET parameter. Attackers can exploit the about page by supplying file paths to disclose arbitrary file contents on the affected device.

CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Minidvblinux

    APP
    Minidvblinux
    ≤ 5.4
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Path Traversal
CWE
References

Related vulnerabilities

CVE-2022-50691CRITICAL9.3PL ✓ten sam produkt

MiniDVBLinux 5.4 — zdalny RCE jako root przez command injection

CVE-2023-53771CRITICAL9.3PL ✓ten sam produkt

MiniDVBLinux 5.4 — Authentication Bypass umożliwiający zmianę hasła root

CVE-2025-25038CRITICAL9.3PL ✓ten sam produkt

MiniDVBLinux ≤5.4 — OS command injection z pominięciem uwierzytelnienia

CVE-2023-53770HIGH8.7ten sam produkt

MiniDVBLinux 5.4 contains an unauthenticated configuration download vulnerability that allows remote attackers...

CVE-2023-53773HIGH8.7ten sam produkt

MiniDVBLinux 5.4 contains an unauthenticated vulnerability in the tv_action.sh script that allows remote attac...