CVE-2022-50691

Name of the Vulnerable Software and Affected Versions MiniDVBLinux version 5.4

Description MiniDVBLinux version 5.4 contains a remote command execution issue that allows unauthenticated attackers to execute arbitrary commands as root. The issue is due to a flaw in the handling of the command GET parameter within the /tpl/commands.sh API endpoint. By sending malicious command values through this parameter, attackers can gain root-level system access.

Recommendations Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict access to the /tpl/commands.sh endpoint. Avoid using the command parameter in the affected API endpoint until the issue is resolved.