MiniDVBLinux Unauthenticated Configuration Download Vulnerability

Vulnerability

A vulnerability in MiniDVBLinux versions through 5.4 allows remote, unauthenticated attackers to download the system's configuration backup. The backup download endpoint performs no session or credential check: a plain GET request carrying the parameter 'action=getconfig' returns the complete system configuration archive, which contains credential material.

Impact

Exploitation of this vulnerability gives an attacker who can reach the web interface unauthorized access to sensitive system information, including account credentials. With those credentials the attacker can authenticate to the device as legitimate users, escalate to root and obtain full control of the system.

Reproduction

To reproduce this vulnerability, send an unauthenticated GET request to the backup download endpoint with the parameter 'action=getconfig'. The server responds with the configuration archive. Extract the archive and open 'etc/passwd': it lists the system accounts together with their password entries, including the root account's. Where the password field holds a hash rather than cleartext, the hash still has to be cracked before it can be used for login, but a weak or default root password falls quickly.

Added: Dec 9, 2025, 9:45 PM
Updated: Dec 9, 2025, 9:45 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 7.6
remediation: 0.0
relevance: 1.3
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.