MiniDVBLinux 5.4 Arbitrary File Read Vulnerability
Title: MiniDVBLinux 5.4 Arbitrary File Read Vulnerability
Advisory ID: ZSL-2022-5719
Type: Local/Remote
Impact: Exposure of System Information, Exposure of Sensitive Information
Risk: (5/5)
Release Date: 16.10.2022
BusyBox v1.25.1
Architecture: armhf, armhf-rpi2
GNU/Linux 4.19.127.203 (armv7l)
VideoDiskRecorder 2.4.6
[27.09.2022] Vendor contacted.
[15.10.2022] No response from the vendor.
[16.10.2022] Public security advisory released.
[2] https://cxsecurity.com/issue/WLB-2022100051
[3] https://www.exploit-db.com/exploits/51097
[04.12.2022] - Added reference [1] and [2]
[10.04.2023] - Added reference [3]
Web: https://www.zeroscience.mk
e-mail: lab@zeroscience.mk
Advisory ID: ZSL-2022-5719
Type: Local/Remote
Impact: Exposure of System Information, Exposure of Sensitive Information
Risk: (5/5)
Release Date: 16.10.2022
Summary
MiniDVBLinux(TM) Distribution (MLD). MLD offers a simple way to convert a standard PC into a Multi Media Centre based on the Video Disk Recorder (VDR) by Klaus Schmidinger. Features of this Linux based Digital Video Recorder: Watch TV, Timer controlled recordings, Time Shift, DVD and MP3 Replay, Setup and configuration via browser, and a lot more. MLD strives to be as small as possible, modular, simple. It supports numerous hardware platforms, like classic desktops in 32/64bit and also various low power ARM systems.Description
The distribution suffers from an arbitrary file disclosure vulnerability. Using the 'file' GET parameter attackers can disclose arbitrary files on the affected device and disclose sensitive and system information.Vendor
MiniDVBLinux - https://www.minidvblinux.deAffected Version
<=5.4Tested On
MiniDVBLinux 5.4BusyBox v1.25.1
Architecture: armhf, armhf-rpi2
GNU/Linux 4.19.127.203 (armv7l)
VideoDiskRecorder 2.4.6
Vendor Status
[24.09.2022] Vulnerability discovered.[27.09.2022] Vendor contacted.
[15.10.2022] No response from the vendor.
[16.10.2022] Public security advisory released.
PoC
mldhd_fd.pyCredits
Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>References
[1] https://packetstormsecurity.com/files/168754/[2] https://cxsecurity.com/issue/WLB-2022100051
[3] https://www.exploit-db.com/exploits/51097
Changelog
[16.10.2022] - Initial release[04.12.2022] - Added reference [1] and [2]
[10.04.2023] - Added reference [3]
Contact
Zero Science LabWeb: https://www.zeroscience.mk
e-mail: lab@zeroscience.mk