Cyber Resilience

CVE-2022-50691

CriticalPublic PoCRCE

Published: 30 December 2025

Published
30 December 2025
Modified
12 January 2026
KEV Added
Patch
CVSS Score v4 9.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0126 65.8th percentile
Risk Priority 70 floored blend · peak EPSS

Summary

CVE-2022-50691 is a critical-severity OS Command Injection (CWE-78) vulnerability in Minidvblinux Minidvblinux. Its CVSS base score is 9.3 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 34.2% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2022-50691 is a remote command execution vulnerability in MiniDVBLinux 5.4, classified under CWE-78 (OS Command Injection). The issue stems from the /tpl/commands.sh endpoint, which processes the 'command' GET parameter without proper sanitization, enabling attackers to inject and execute arbitrary commands.

Unauthenticated attackers can exploit this vulnerability remotely over the network with low attack complexity and no privileges or user interaction required, as reflected in its CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Successful exploitation allows attackers to execute commands as root, resulting in complete system compromise with high impacts on confidentiality, integrity, and availability.

Advisories detailing the vulnerability, including potential mitigations, are available from sources such as VulnCheck (https://www.vulncheck.com/advisories/minidvblinux-remote-root-command-execution-via-commandssh), Zero Science Labs (https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5718.php), and Packet Storm Security (https://packetstormsecurity.com/files/168749/).

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

MiniDVBLinux 5.4 contains a remote command execution vulnerability that allows unauthenticated attackers to execute arbitrary commands as root through the 'command' GET parameter. Attackers can exploit the /tpl/commands.sh endpoint by sending malicious command values to gain root-level system access.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

CVE-2022-50691 is an unauthenticated remote command injection vulnerability in a network-exposed web endpoint (/tpl/commands.sh), directly enabling exploitation of a public-facing application for arbitrary root command execution.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2023-53771Same product: Minidvblinux Minidvblinux
CVE-2023-53774Same product: Minidvblinux Minidvblinux
CVE-2025-60803Shared CWE-78
CVE-2026-34176Shared CWE-78
CVE-2025-62193Shared CWE-78
CVE-2026-42589Shared CWE-78
CVE-2025-56819Shared CWE-78
CVE-2026-42062Shared CWE-78
CVE-2024-57687Shared CWE-78
CVE-2026-34387Shared CWE-78

Affected Assets

minidvblinux
minidvblinux
5.4

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly prevents OS command injection by requiring validation of the unsanitized 'command' GET parameter at the /tpl/commands.sh endpoint.

prevent

Remediates the specific command execution flaw in MiniDVBLinux 5.4 through timely identification, reporting, and correction.

prevent

Enforces access control policies to block unauthenticated remote access to the vulnerable /tpl/commands.sh endpoint.

References