← Advisories

MiniDVBLinux 5.4 Change Root Password PoC

Critical

Advisory ID

ZSL-2022-5715

Release Date

16 October 2022

Vendor

MiniDVBLinux - https://www.minidvblinux.de

Affected Version

<=5.4

CVE

N/A

Tested On

MiniDVBLinux 5.4, BusyBox v1.25.1, Architecture: armhf, armhf-rpi2, GNU/Linux 4.19.127.203 (armv7l), VideoDiskRecorder 2.4.6

Summary

MiniDVBLinux(TM) Distribution (MLD). MLD offers a simple way to convert a standard PC into a Multi Media Centre based on the Video Disk Recorder (VDR) by Klaus Schmidinger. Features of this Linux based Digital Video Recorder: Watch TV, Timer controlled recordings, Time Shift, DVD and MP3 Replay, Setup and configuration via browser, and a lot more. MLD strives to be as small as possible, modular, simple. It supports numerous hardware platforms, like classic desktops in 32/64bit and also various low power ARM systems.

Description

The application allows a remote attacker to change the root password of the system without authentication (disabled by default) and verification of previously assigned credential. Command execution also possible using several POST parameters.

Proof of Concept

mldhd_rootpwd.txtTXT

Disclosure Timeline

24.09.2022Vulnerability discovered.

27.09.2022Vendor contacted.

15.10.2022No response from the vendor.

16.10.2022Public security advisory released.

Credits

Vulnerability discovered by Gjoko Krstic

References

[1]https://packetstormsecurity.com/files/168733/

[2]https://cxsecurity.com/issue/WLB-2022100044

[3]https://www.exploit-db.com/exploits/51094

Changelog

16.10.2022Initial release

04.12.2022Added reference [1] and [2]

10.04.2023Added reference [3]