Cyber Resilience

CVE-2023-53771

Critical · Public PoC

Published: 09 December 2025
Modified: 19 December 2025
KEV Added: not listed
Patch:
CVSS Score (v4): 9.3
CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score: 0.0107 (78.1th percentile)
Risk Priority: 19 (weighting: 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2023-53771 is a critical-severity Missing Authentication for Critical Function (CWE-306) vulnerability in Minidvblinux Minidvblinux. Its CVSS base score is 9.3 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked in the top 21.9% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-14 (Permitted Actions Without Identification or Authentication) and AC-3 (Access Enforcement).

Deeper analysis

CVE-2023-53771 is an authentication bypass vulnerability (CWE-306) affecting MiniDVBLinux 5.4. The flaw enables remote attackers to change the root password without authentication by sending crafted POST requests to the system setup endpoint with modified SYSTEM_PASSWORD parameters, effectively resetting root credentials.

Remote attackers can exploit this vulnerability over the network with no privileges, low attack complexity, and no user interaction required, as reflected in its CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Successful exploitation grants attackers full control over the system by altering root credentials, resulting in high impacts to confidentiality, integrity, and availability.

Advisories from VulnCheck and Zero Science, along with a public exploit on Exploit-DB, detail the issue, while the vendor site at minidvblinux.de provides additional context. These references outline exploitation methods and recommend mitigations such as restricting access to the system setup endpoint.

A proof-of-concept exploit is publicly available on Exploit-DB, indicating potential for real-world exploitation against exposed MiniDVBLinux 5.4 instances.

EU & UK References

Vulnerability details

MiniDVBLinux 5.4 contains an authentication bypass vulnerability that allows remote attackers to change the root password without authentication. Attackers can send crafted POST requests to the system setup endpoint with modified SYSTEM_PASSWORD parameters to reset root credentials.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

The vulnerability is an authentication bypass in a remotely accessible web system setup endpoint, allowing unauthenticated attackers to change the root password via crafted POST requests, directly enabling exploitation of a public-facing application.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2023-53774: same product (Minidvblinux Minidvblinux)
CVE-2022-50691: same product (Minidvblinux Minidvblinux)
CVE-2025-21515: shared CWE-306
CVE-2025-57432: shared CWE-306
CVE-2026-27446: shared CWE-306
CVE-2026-21446: shared CWE-306
CVE-2021-47891: shared CWE-306
CVE-2025-41715: shared CWE-306
CVE-2026-24790: shared CWE-306
CVE-2025-21524: shared CWE-306

Affected Assets

Vendor: minidvblinux
Product: minidvblinux
Versions: ≤ 5.4

Mitigating Controls

Mitigating Controls (NIST 800-53 r5)

prevent (AC-14, Permitted Actions Without Identification or Authentication)

Prohibits sensitive actions such as root password changes on the system setup endpoint without identification and authentication, directly addressing the authentication bypass.

prevent (AC-3, Access Enforcement)

Enforces approved authorizations for access to the system setup endpoint, preventing unauthorized crafted POST requests that bypass authentication.

prevent

Restricts external network communications to the vulnerable system setup endpoint, mitigating remote exploitation as recommended by advisories.
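The three controls above are easiest to see side by side in code. The following is an added example, not MiniDVBLinux code (the page shows none): a minimal model of a system-setup password handler in its weak form (any POST carrying SYSTEM_PASSWORD resets root, the CWE-306 defect described in the analysis) next to a hardened form that applies the network restriction, then AC-14 (no sensitive action without an authenticated session), then AC-3 (only an authorized role may change the credential). The endpoint path `/setup`, the management subnet, the session store and the sample values are assumptions made for the demo; only the parameter name SYSTEM_PASSWORD comes from the page.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import Dict, Optional

SETUP_PATH = "/setup"                            # assumed endpoint path (not given on the page)
MGMT_NET = ipaddress.ip_network("10.0.0.0/24")   # assumed management subnet allowed to reach setup
PASSWORD_PARAM = "SYSTEM_PASSWORD"               # parameter name named on the page


@dataclass
class Request:
    method: str
    path: str
    client_ip: str
    form: Dict[str, str] = field(default_factory=dict)
    session_id: Optional[str] = None


@dataclass
class SystemState:
    # constructed placeholder value, not a real credential
    root_password: str = "initial-placeholder"
    # session_id -> role; filled by a login flow that is out of scope here
    sessions: Dict[str, str] = field(default_factory=dict)


def weak_setup_handler(req: Request, state: SystemState) -> int:
    """Weak form (CWE-306): a POST with SYSTEM_PASSWORD resets root with no identity check."""
    if req.method == "POST" and req.path == SETUP_PATH and PASSWORD_PARAM in req.form:
        state.root_password = req.form[PASSWORD_PARAM]
        return 200
    return 404


def hardened_setup_handler(req: Request, state: SystemState) -> int:
    """Hardened form: network restriction, then authentication (AC-14), then authorization (AC-3)."""
    if req.path != SETUP_PATH:
        return 404
    # Network restriction: the setup endpoint answers only clients on the management subnet.
    if ipaddress.ip_address(req.client_ip) not in MGMT_NET:
        return 403
    # AC-14: no sensitive action without an identified, authenticated session.
    role = state.sessions.get(req.session_id) if req.session_id else None
    if role is None:
        return 401
    if req.method != "POST" or PASSWORD_PARAM not in req.form:
        return 400
    # AC-3: only the admin role may change the root password.
    if role != "admin":
        return 403
    state.root_password = req.form[PASSWORD_PARAM]
    return 200


def run_scenarios() -> Dict[str, tuple]:
    """Replay one unauthenticated external POST and one legitimate admin POST through both handlers.

    Returns, per handler: (status for the unauthenticated request, root password afterwards,
    status for the admin request, root password afterwards).
    """
    unauthenticated = Request("POST", SETUP_PATH, "203.0.113.9", {PASSWORD_PARAM: "changed"})
    admin = Request("POST", SETUP_PATH, "10.0.0.5", {PASSWORD_PARAM: "rotated"}, session_id="s1")
    results = {}
    for name, handler in (("weak", weak_setup_handler), ("hardened", hardened_setup_handler)):
        state = SystemState(sessions={"s1": "admin"})
        status_unauth = handler(unauthenticated, state)
        password_after_unauth = state.root_password
        status_admin = handler(admin, state)
        results[name] = (status_unauth, password_after_unauth, status_admin, state.root_password)
    return results


if __name__ == "__main__":
    for name, outcome in run_scenarios().items():
        print(name, outcome)
```

Running the scenarios shows the weak handler accepting the external unauthenticated request (200, root password replaced) while the hardened handler rejects it at the network check (403, password unchanged); both accept the authenticated admin change. The order of checks matters for detection as well: a request rejected at the network boundary never reaches the application log, so the firewall or reverse proxy in front of the setup endpoint is where external probes will be visible.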

References