MiniDVBLinux 5.4 contains an arbitrary file disclosure vulnerability that allows attackers to read sensitive system files through the 'file' GET parameter. Attackers can exploit the about page by supplying file paths to disclose arbitrary file contents on the affected device.
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XMinidvblinux
APPMinidvblinux≤ 5.4
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Path Traversal
CWE
Related vulnerabilities
CVE-2022-50691CRITICAL9.3PL ✓ten sam produkt
MiniDVBLinux 5.4 — zdalny RCE jako root przez command injection
CVE-2023-53771CRITICAL9.3PL ✓ten sam produkt
MiniDVBLinux 5.4 — Authentication Bypass umożliwiający zmianę hasła root
CVE-2025-25038CRITICAL9.3PL ✓ten sam produkt
MiniDVBLinux ≤5.4 — OS command injection z pominięciem uwierzytelnienia
CVE-2023-53770HIGH8.7ten sam produkt
MiniDVBLinux 5.4 contains an unauthenticated configuration download vulnerability that allows remote attackers...
CVE-2023-53773HIGH8.7ten sam produkt
MiniDVBLinux 5.4 contains an unauthenticated vulnerability in the tv_action.sh script that allows remote attac...