## https://sploitus.com/exploit?id=11FFA65A-A589-5495-B21B-D7E62E31AEAF
# CVE-2022-50691
## Summary
CVE-2022-50691 describes a remote command execution vulnerability in MiniDVBLinux 5.4. The flaw allows unauthenticated attackers to execute arbitrary commands as root by exploiting the GET parameter named command on the /tpl/commands.sh endpoint. This results in full control of the affected system with root privileges, enabling compromise of confidentiality, integrity, and availability.
## Affected products/vendors
- MiniDVBLinux version 5.4
CPE: cpe:2.3:a:minidvblinux:minidvblinux:5.4:*:*:*:*:*:*:*
## Exploitation details
- Access vector: Network (remote)
- Authentication: None required (unauthenticated)
- Endpoint: /tpl/commands.sh
- Parameter exploited: command (GET parameter)
- Outcome: Execution of arbitrary commands with root privileges, providing root-level system access
- Implication: The vulnerability permits remote code execution without interaction from a user, enabling immediate and wide-reaching control over the host
Note: Exploitation guidance and sample exploit references are documented in third-party advisories, including Zer0Science disclosures and vulncheck advisory feeds.
## Mitigation steps
- Apply vendor-provided patch or upgrade to a fixed version of MiniDVBLinux as soon as available.
- If patches are not immediately available, restrict access to the vulnerable endpoint:
- Place the affected system behind a firewall or network access control to limit exposure to trusted networks.
- Disable or remove the /tpl/commands.sh functionality if possible and safe for operations.
- Implement compensating controls:
- Network segmentation and strict architectural controls to minimize exposure of devices running MiniDVBLinux 5.4.
- Continuous monitoring and logging of requests to /tpl/commands.sh, with alerting for unusual command values.
- Validate and harden input handling in any web-facing components; ensure command execution paths are properly sandboxed or avoided.
- Perform a full post-compromise assessment if exposure is suspected, including credential rotation and integrity checks of critical binaries.
## Potential impact
- Full system compromise: Adversaries can obtain root privileges and take complete control of the affected device.
- Confidentiality breach: Potential exposure or exfiltration of sensitive data.
- Integrity compromise: Unauthorized modification of system files and configurations.
- Availability disruption: Remote execution could be used to disable security controls, install backdoors, or render the system unusable.
## CVSS and weaknesses
- CVSS v3.1: 9.8 (CRITICAL)
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
- CVSS v4.0: 9.3 (CRITICAL)
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
- Weakness: CWE-78 (OS Command Injection)
## References
- Packet Storm advisory: https://packetstormsecurity.com/files/168749/
- VulnCheck advisory: https://www.vulncheck.com/advisories/minidvblinux-remote-root-command-execution-via-commandssh
- Zer0Science vulnerability write-ups: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5718.php