CVE-2023-53773
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-12-09

Last updated on: 2025-12-09

Assigner: VulnCheck

Description
MiniDVBLinux 5.4 contains an unauthenticated vulnerability in the tv_action.sh script that allows remote attackers to generate live stream snapshots through the Simple VDR Protocol. Attackers can request /tpl/tv_action.sh to create and retrieve a live TV screenshot stored in /var/www/images/tv.jpg without authentication.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-09
Last Modified
2025-12-09
Generated
2026-06-16
AI Q&A
2025-12-09
EPSS Evaluated
2026-06-14
NVD
CVE-2023-53773
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
minidvblinux minidvblinux 5.4
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-306 The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability in MiniDVBLinux 5.4 involves the tv_action.sh script, which allows remote attackers to generate live stream snapshots without any authentication. By requesting the /tpl/tv_action.sh endpoint, an attacker can create and retrieve a live TV screenshot stored at /var/www/images/tv.jpg, potentially exposing live TV content.

Impact Analysis

The vulnerability allows unauthorized remote attackers to access live TV screenshots without authentication, which could lead to unauthorized disclosure of live broadcast content. This may result in privacy breaches or exposure of sensitive information being broadcasted, depending on the content of the live stream.

Compliance Impact

The vulnerability allows unauthenticated remote attackers to access live stream snapshots without authorization, leading to exposure of potentially sensitive video stream information. This unauthorized disclosure of sensitive data could result in non-compliance with data protection regulations such as GDPR or HIPAA, which require safeguarding personal and sensitive information against unauthorized access. Therefore, organizations using affected MiniDVBLinux 5.4 systems may face compliance risks due to this vulnerability. [1, 4]

Detection Guidance

You can detect this vulnerability by checking if the /tpl/tv_action.sh script is accessible without authentication and if it generates live stream snapshots at /var/www/images/tv.jpg. A practical detection method is to send an HTTP request to the vulnerable endpoint and verify if the snapshot image is created and accessible. For example, you can use curl to send a request: `curl http://<target-ip>/tpl/tv_action.sh?cmd=GRAB` and then check if the image exists: `curl http://<target-ip>/images/tv.jpg`. If the image is returned, the system is vulnerable. [2]

Mitigation Strategies

Immediate mitigation steps include restricting access to the /tpl/tv_action.sh script to authenticated users only, implementing proper access controls to prevent unauthenticated requests, and disabling or removing the vulnerable script if not needed. Additionally, monitoring and blocking unauthorized HTTP requests to this endpoint can help reduce exploitation risk until a patch or update is available. [1, 4]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2023-53773. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart