MiniDVBLinux 5.4 Remote Root Command Injection Vulnerability
Title: MiniDVBLinux 5.4 Remote Root Command Injection Vulnerability
Advisory ID: ZSL-2022-5717
Type: Local/Remote
Impact: System Access, DoS
Risk: (5/5)
Release Date: 16.10.2022
BusyBox v1.25.1
Architecture: armhf, armhf-rpi2
GNU/Linux 4.19.127.203 (armv7l)
VideoDiskRecorder 2.4.6
[27.09.2022] Vendor contacted.
[15.10.2022] No response from the vendor.
[16.10.2022] Public security advisory released.
[2] https://cxsecurity.com/issue/WLB-2022100049
[3] https://www.exploit-db.com/exploits/51096
[04.12.2022] - Added reference [1] and [2]
[10.04.2023] - Added reference [3]
Web: https://www.zeroscience.mk
e-mail: lab@zeroscience.mk
Advisory ID: ZSL-2022-5717
Type: Local/Remote
Impact: System Access, DoS
Risk: (5/5)
Release Date: 16.10.2022
Summary
MiniDVBLinux(TM) Distribution (MLD). MLD offers a simple way to convert a standard PC into a Multi Media Centre based on the Video Disk Recorder (VDR) by Klaus Schmidinger. Features of this Linux based Digital Video Recorder: Watch TV, Timer controlled recordings, Time Shift, DVD and MP3 Replay, Setup and configuration via browser, and a lot more. MLD strives to be as small as possible, modular, simple. It supports numerous hardware platforms, like classic desktops in 32/64bit and also various low power ARM systems.Description
The application suffers from an OS command injection vulnerability. This can be exploited to execute arbitrary commands with root privileges.Vendor
MiniDVBLinux - https://www.minidvblinux.deAffected Version
<=5.4Tested On
MiniDVBLinux 5.4BusyBox v1.25.1
Architecture: armhf, armhf-rpi2
GNU/Linux 4.19.127.203 (armv7l)
VideoDiskRecorder 2.4.6
Vendor Status
[24.09.2022] Vulnerability discovered.[27.09.2022] Vendor contacted.
[15.10.2022] No response from the vendor.
[16.10.2022] Public security advisory released.
PoC
mldhd_root2.pyCredits
Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>References
[1] https://packetstormsecurity.com/files/168744/[2] https://cxsecurity.com/issue/WLB-2022100049
[3] https://www.exploit-db.com/exploits/51096
Changelog
[16.10.2022] - Initial release[04.12.2022] - Added reference [1] and [2]
[10.04.2023] - Added reference [3]
Contact
Zero Science LabWeb: https://www.zeroscience.mk
e-mail: lab@zeroscience.mk