Cyber Posture

CVE-2023-53774

Critical · Public PoC

Published: 09 December 2025

Modified: 19 December 2025
KEV Added
Patch
CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0157 (81.7th percentile)
Risk Priority: 21 (60% EPSS · 20% KEV · 20% CVSS)

Description

MiniDVBLinux 5.4 contains a remote code execution vulnerability in the SVDRP protocol that allows remote attackers to send commands to manipulate TV systems. Attackers can send crafted SVDRP commands through the svdrpsend.sh script to execute messages and potentially control the video disk recorder remotely.

Mitigating Controls (NIST 800-53 r5) · AI

prevent: Directly requires identification, reporting, and correction of known flaws like this RCE vulnerability in the SVDRP protocol implementation.

prevent: Prevents remote exploitation by monitoring and controlling communications at external boundaries to block access to the vulnerable unauthenticated SVDRP service.

prevent: Mandates unique identification and authentication for non-organizational users or processes, addressing the missing authentication (CWE-306) that enables crafted SVDRP commands to achieve RCE.

Security Summary · AI

MiniDVBLinux 5.4, a Linux distribution for video disk recorders, contains a remote code execution vulnerability identified as CVE-2023-53774 in its implementation of the SVDRP protocol. This flaw, classified under CWE-306 (Missing Authentication for Critical Function), allows remote attackers to send crafted SVDRP commands through the svdrpsend.sh script. These commands can execute arbitrary messages, enabling manipulation and remote control of the TV system and video disk recorder.

The vulnerability has a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating that it is exploitable over the network with low complexity and requires neither privileges nor user interaction. Any unauthenticated remote attacker who can reach the affected SVDRP service can send malicious commands to achieve full remote code execution, potentially compromising the confidentiality, integrity, and availability of the system, including control over TV recording and playback functions.

Advisories from VulnCheck and Zero Science Laboratory (ZSL-2022-5714) describe the issue in detail, with a public proof-of-concept exploit available on Exploit-DB (51093). Additional resources include the MiniDVBLinux website and the LinuxTV VDR Wiki on SVDRP commands. No specific patch details are outlined in the provided references, but practitioners should consult these for mitigation guidance.

A public exploit confirms active interest, suggesting potential real-world exploitation risk for exposed MiniDVBLinux 5.4 deployments.

Details

CWE(s)

Affected Products

minidvblinux
minidvblinux
≤ 5.4

MITRE ATT&CK Enterprise Techniques · AI

T1190 · Exploit Public-Facing Application · Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

The vulnerability allows unauthenticated remote code execution over the network via a public-facing SVDRP service, directly mapping to exploitation of public-facing applications.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References