CVE-2023-53771 PUBLISHED

MiniDVBLinux 5.4 Unauthenticated Root Password Change via System Setup

Assigner: VulnCheck
Reserved: 08.12.2025 | Published: 09.12.2025 | Updated: 10.12.2025

MiniDVBLinux 5.4 contains an authentication bypass vulnerability that allows remote attackers to change the root password without authentication. Attackers can send crafted POST requests to the system setup endpoint with modified SYSTEM_PASSWORD parameters to reset root credentials.

Metrics

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
CVSS Score: 9.3

Product Status

Vendor: MiniDVBLinux
Product: MiniDVBLinux Change Root Password PoC
Versions: Default unaffected
  • Version <=5.4 is affected

Credits

  • LiquidWorm as Gjoko Krstic of Zero Science Lab (finder)

Problem Types

  • CWE-306: Missing Authentication for Critical Function