CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2023-53770

MiniDVBLinux 5.4 contains an unauthenticated configuration download vulnerability that allows remote attackers to access sensitive system configuration files through a direct object reference. Attackers can exploit the backup download endpoint by sending a GET request with 'action=getconfig' to retrieve a complete system configuration archive containing sensitive credentials.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 41.1%

CVSS Severity

CVSS v3 Score 7.5

References

https://www.exploit-db.com/exploits/51091
https://www.minidvblinux.de
https://www.vulncheck.com/advisories/minidvblinux-unauthenticated-configuration-download-via-backup-endpoint
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5713.php

Products affected by CVE-2023-53770

Minidvblinux » Minidvblinux » Version: Any

cpe:2.3:a:minidvblinux:minidvblinux:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-53770

Products

Pricing

Contact Us