Unauthenticated Configuration Download Vulnerability in MiniDVBLinux by VDR
CVE-2023-53770

8.7HIGH

Key Information:

Vendor: Minidvblinux
Status: Minidvblinux(tm) Distribution (mld)
Vendor: CVE Published:; 9 December 2025

🔔 Create Minidvblinux Vulnerability Alert

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2023-53770?

The MiniDVBLinux 5.4 platform contains a vulnerability that allows unauthorized users to access sensitive system configuration files. This issue arises from an exposed backup download endpoint which can be exploited by sending a GET request with the parameter 'action=getconfig'. Initiating this request enables attackers to retrieve a complete archive of system configurations, including sensitive credentials, thereby posing a significant risk to system integrity and data confidentiality.

Affected Version(s)

MiniDVBLinux(TM) Distribution (MLD) <=5.4

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2023-53770 - Proof of Concept