Primary

Context

MiniDVBLinux Remote Root Command Execution Vulnerability

Vulnerability

A remote command execution vulnerability has been identified in MiniDVBLinux version 5.4. This vulnerability allows unauthenticated attackers to execute arbitrary commands as root by exploiting the 'command' GET parameter in the '/tpl/commands.sh' endpoint.

Impact

Exploitation of this vulnerability leads to unauthorized root-level access on the affected system.

Reproduction

The vulnerability can be reproduced by sending a GET request to the '/tpl/commands.sh' endpoint with the 'command' parameter set to a desired command. The command will be executed with root privileges, and the output can be retrieved from the response.

Added: Dec 30, 2025, 11:56 PM

Updated: Dec 30, 2025, 11:56 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

8.7

remediation

0.0

relevance

1.7

threat

6.4

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

8.7

remediation

0.0

relevance

1.7

threat

6.4

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

MiniDVBLinux Remote Root Command Execution Vulnerability

Vulnerability

Impact

Reproduction

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating