CVE-2023-53773

Name of the Vulnerable Software and Affected Versions MiniDVBLinux version 5.4

Description The software contains an unauthenticated issue in the tv action.sh script. This allows remote attackers to generate live stream snapshots using the Simple VDR Protocol. Attackers can request the /tpl/tv action.sh endpoint to create and retrieve a live TV screenshot stored in /var/www/images/tv.jpg without needing to authenticate.

Recommendations Apply any available updates to address the issue in the tv action.sh script. As a temporary workaround, restrict access to the /tpl/tv action.sh endpoint.