The distribution suffers from an arbitrary file disclosure vulnerability. Using the 'file' GET parameter attackers can disclose arbitrary files on the affected device and disclose sensitive and system information.

Title: MiniDVBLinux 5.4 Arbitrary File Read Vulnerability  
Advisory ID: ZSL-2022-5719  
Type: Local/Remote  
Impact: Exposure of System Information, Exposure of Sensitive Information  
Risk: (5/5)  
Release Date: 16.10.2022

**Summary**

MiniDVBLinux(TM) Distribution (MLD). MLD offers a simple way to convert a standard PC into a Multi Media Centre based on the Video Disk Recorder (VDR) by Klaus Schmidinger. Features of this Linux based Digital Video Recorder: Watch TV, Timer controlled recordings, Time Shift, DVD and MP3 Replay, Setup and configuration via browser, and a lot more. MLD strives to be as small as possible, modular, simple. It supports numerous hardware platforms, like classic desktops in 32/64bit and also various low power ARM systems.

**Description**

The distribution suffers from an arbitrary file disclosure vulnerability. Using the 'file' GET parameter attackers can disclose arbitrary files on the affected device and disclose sensitive and system information.

**Vendor**

MiniDVBLinux - https://www.minidvblinux.de

**Affected Version**

<=5.4

**Tested On**

MiniDVBLinux 5.4  
BusyBox v1.25.1  
Architecture: armhf, armhf-rpi2  
GNU/Linux 4.19.127.203 (armv7l)  
VideoDiskRecorder 2.4.6

**Vendor Status**

\[24.09.2022\] Vulnerability discovered.  
\[27.09.2022\] Vendor contacted.  
\[15.10.2022\] No response from the vendor.  
\[16.10.2022\] Public security advisory released.

**PoC**

mldhd\_fd.py

**Credits**

Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk\>

**References**

N/A

**Changelog**

\[16.10.2022\] - Initial release

**Contact**

Zero Science Lab

Web: https://www.zeroscience.mk  
e-mail: lab@zeroscience.mk

MiniDVBLinux 5.4 Arbitrary File Read Vulnerability

The application suffers from an OS command execution vulnerability. This can be exploited to execute arbitrary commands as root, through the 'command' GET parameter in /tpl/commands.sh.

Title: MiniDVBLinux 5.4 Remote Root Command Execution Vulnerability  
Advisory ID: ZSL-2022-5718  
Type: Local/Remote  
Impact: System Access, DoS  
Risk: (5/5)  
Release Date: 16.10.2022

**Summary**

MiniDVBLinux(TM) Distribution (MLD). MLD offers a simple way to convert a standard PC into a Multi Media Centre based on the Video Disk Recorder (VDR) by Klaus Schmidinger. Features of this Linux based Digital Video Recorder: Watch TV, Timer controlled recordings, Time Shift, DVD and MP3 Replay, Setup and configuration via browser, and a lot more. MLD strives to be as small as possible, modular, simple. It supports numerous hardware platforms, like classic desktops in 32/64bit and also various low power ARM systems.

**Description**

The application suffers from an OS command execution vulnerability. This can be exploited to execute arbitrary commands as root, through the 'command' GET parameter in /tpl/commands.sh.

**Vendor**

MiniDVBLinux - https://www.minidvblinux.de

**Affected Version**

<=5.4

**Tested On**

MiniDVBLinux 5.4  
BusyBox v1.25.1  
Architecture: armhf, armhf-rpi2  
GNU/Linux 4.19.127.203 (armv7l)  
VideoDiskRecorder 2.4.6

**Vendor Status**

\[24.09.2022\] Vulnerability discovered.  
\[27.09.2022\] Vendor contacted.  
\[15.10.2022\] No response from the vendor.  
\[16.10.2022\] Public security advisory released.

**PoC**

mldhd\_root1.py

**Credits**

Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk\>

**References**

N/A

**Changelog**

\[16.10.2022\] - Initial release

**Contact**

Zero Science Lab

Web: https://www.zeroscience.mk  
e-mail: lab@zeroscience.mk

MiniDVBLinux 5.4 Remote Root Command Execution Vulnerability

The application suffers from an OS command injection vulnerability. This can be exploited to execute arbitrary commands with root privileges.

Title: MiniDVBLinux 5.4 Remote Root Command Injection Vulnerability  
Advisory ID: ZSL-2022-5717  
Type: Local/Remote  
Impact: System Access, DoS  
Risk: (5/5)  
Release Date: 16.10.2022

**Summary**

MiniDVBLinux(TM) Distribution (MLD). MLD offers a simple way to convert a standard PC into a Multi Media Centre based on the Video Disk Recorder (VDR) by Klaus Schmidinger. Features of this Linux based Digital Video Recorder: Watch TV, Timer controlled recordings, Time Shift, DVD and MP3 Replay, Setup and configuration via browser, and a lot more. MLD strives to be as small as possible, modular, simple. It supports numerous hardware platforms, like classic desktops in 32/64bit and also various low power ARM systems.

**Description**

The application suffers from an OS command injection vulnerability. This can be exploited to execute arbitrary commands with root privileges.

**Vendor**

MiniDVBLinux - https://www.minidvblinux.de

**Affected Version**

<=5.4

**Tested On**

MiniDVBLinux 5.4  
BusyBox v1.25.1  
Architecture: armhf, armhf-rpi2  
GNU/Linux 4.19.127.203 (armv7l)  
VideoDiskRecorder 2.4.6

**Vendor Status**

\[24.09.2022\] Vulnerability discovered.  
\[27.09.2022\] Vendor contacted.  
\[15.10.2022\] No response from the vendor.  
\[16.10.2022\] Public security advisory released.

**PoC**

mldhd\_root2.py

**Credits**

Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk\>

**References**

N/A

**Changelog**

\[16.10.2022\] - Initial release

**Contact**

Zero Science Lab

Web: https://www.zeroscience.mk  
e-mail: lab@zeroscience.mk

MiniDVBLinux 5.4 Remote Root Command Injection Vulnerability

The application suffers from an unauthenticated live stream disclosure when /tpl/tv_action.sh is called and generates a snapshot in /var/www/images/tv.jpg through the Simple VDR Protocol (SVDRP).

Title: MiniDVBLinux 5.4 Unauthenticated Stream Disclosure Vulnerability  
Advisory ID: ZSL-2022-5716  
Type: Local/Remote  
Impact: Exposure of Sensitive Information  
Risk: (3/5)  
Release Date: 16.10.2022

**Summary**

MiniDVBLinux(TM) Distribution (MLD). MLD offers a simple way to convert a standard PC into a Multi Media Centre based on the Video Disk Recorder (VDR) by Klaus Schmidinger. Features of this Linux based Digital Video Recorder: Watch TV, Timer controlled recordings, Time Shift, DVD and MP3 Replay, Setup and configuration via browser, and a lot more. MLD strives to be as small as possible, modular, simple. It supports numerous hardware platforms, like classic desktops in 32/64bit and also various low power ARM systems.

**Description**

The application suffers from an unauthenticated live stream disclosure when /tpl/tv\_action.sh is called and generates a snapshot in /var/www/images/tv.jpg through the Simple VDR Protocol (SVDRP).

**Vendor**

MiniDVBLinux - https://www.minidvblinux.de

**Affected Version**

<=5.4

**Tested On**

MiniDVBLinux 5.4  
BusyBox v1.25.1  
Architecture: armhf, armhf-rpi2  
GNU/Linux 4.19.127.203 (armv7l)  
VideoDiskRecorder 2.4.6

**Vendor Status**

\[24.09.2022\] Vulnerability discovered.  
\[27.09.2022\] Vendor contacted.  
\[15.10.2022\] No response from the vendor.  
\[16.10.2022\] Public security advisory released.

**PoC**

mldhd\_stream.txt

**Credits**

Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk\>

**References**

N/A

**Changelog**

\[16.10.2022\] - Initial release

**Contact**

Zero Science Lab

Web: https://www.zeroscience.mk  
e-mail: lab@zeroscience.mk

MiniDVBLinux 5.4 Unauthenticated Stream Disclosure Vulnerability

The application allows a remote attacker to change the root password of the system without authentication (disabled by default) and verification of previously assigned credential. Command execution also possible using several POST parameters.

Title: MiniDVBLinux 5.4 Change Root Password PoC  
Advisory ID: ZSL-2022-5715  
Type: Local/Remote  
Impact: Security Bypass, System Access, DoS, Cross-Site Scripting  
Risk: (5/5)  
Release Date: 16.10.2022

**Summary**

MiniDVBLinux(TM) Distribution (MLD). MLD offers a simple way to convert a standard PC into a Multi Media Centre based on the Video Disk Recorder (VDR) by Klaus Schmidinger. Features of this Linux based Digital Video Recorder: Watch TV, Timer controlled recordings, Time Shift, DVD and MP3 Replay, Setup and configuration via browser, and a lot more. MLD strives to be as small as possible, modular, simple. It supports numerous hardware platforms, like classic desktops in 32/64bit and also various low power ARM systems.

**Description**

The application allows a remote attacker to change the root password of the system without authentication (disabled by default) and verification of previously assigned credential. Command execution also possible using several POST parameters.

**Vendor**

MiniDVBLinux - https://www.minidvblinux.de

**Affected Version**

<=5.4

**Tested On**

MiniDVBLinux 5.4  
BusyBox v1.25.1  
Architecture: armhf, armhf-rpi2  
GNU/Linux 4.19.127.203 (armv7l)  
VideoDiskRecorder 2.4.6

**Vendor Status**

\[24.09.2022\] Vulnerability discovered.  
\[27.09.2022\] Vendor contacted.  
\[15.10.2022\] No response from the vendor.  
\[16.10.2022\] Public security advisory released.

**PoC**

mldhd\_rootpwd.txt

**Credits**

Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk\>

**References**

N/A

**Changelog**

\[16.10.2022\] - Initial release

**Contact**

Zero Science Lab

Web: https://www.zeroscience.mk  
e-mail: lab@zeroscience.mk

MiniDVBLinux 5.4 Change Root Password PoC

The application allows the usage of the SVDRP protocol/commands to be sent by a remote attacker to manipulate and/or control remotely the TV.

Title: MiniDVBLinux 5.4 Simple VideoDiskRecorder Protocol SVDRP (svdrpsend.sh) Exploit  
Advisory ID: ZSL-2022-5714  
Type: Local/Remote  
Impact: Security Bypass, System Access, DoS  
Risk: (5/5)  
Release Date: 16.10.2022

**Summary**

MiniDVBLinux(TM) Distribution (MLD). MLD offers a simple way to convert a standard PC into a Multi Media Centre based on the Video Disk Recorder (VDR) by Klaus Schmidinger. Features of this Linux based Digital Video Recorder: Watch TV, Timer controlled recordings, Time Shift, DVD and MP3 Replay, Setup and configuration via browser, and a lot more. MLD strives to be as small as possible, modular, simple. It supports numerous hardware platforms, like classic desktops in 32/64bit and also various low power ARM systems.

**Description**

The application allows the usage of the SVDRP protocol/commands to be sent by a remote attacker to manipulate and/or control remotely the TV.

**Vendor**

MiniDVBLinux - https://www.minidvblinux.de

**Affected Version**

<=5.4

**Tested On**

MiniDVBLinux 5.4  
BusyBox v1.25.1  
Architecture: armhf, armhf-rpi2  
GNU/Linux 4.19.127.203 (armv7l)  
VideoDiskRecorder 2.4.6

**Vendor Status**

\[24.09.2022\] Vulnerability discovered.  
\[27.09.2022\] Vendor contacted.  
\[15.10.2022\] No response from the vendor.  
\[16.10.2022\] Public security advisory released.

**PoC**

mldhd\_svdrp.txt

**Credits**

Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk\>

**References**

N/A

**Changelog**

\[16.10.2022\] - Initial release

**Contact**

Zero Science Lab

Web: https://www.zeroscience.mk  
e-mail: lab@zeroscience.mk

MiniDVBLinux 5.4 Simple VideoDiskRecorder Protocol SVDRP (svdrpsend.sh) Exploit

The application is vulnerable to unauthenticated configuration download when direct object reference is made to the backup function using an HTTP GET request. This will enable the attacker to disclose sensitive information and help her in authentication bypass, privilege escalation and full system access.

Title: MiniDVBLinux 5.4 Config Download Exploit  
Advisory ID: ZSL-2022-5713  
Type: Local/Remote  
Impact: Security Bypass, Exposure of System Information, Exposure of Sensitive Information, System Access, DoS, Privilege Escalation  
Risk: (5/5)  
Release Date: 16.10.2022

**Summary**

MiniDVBLinux(TM) Distribution (MLD). MLD offers a simple way to convert a standard PC into a Multi Media Centre based on the Video Disk Recorder (VDR) by Klaus Schmidinger. Features of this Linux based Digital Video Recorder: Watch TV, Timer controlled recordings, Time Shift, DVD and MP3 Replay, Setup and configuration via browser, and a lot more. MLD strives to be as small as possible, modular, simple. It supports numerous hardware platforms, like classic desktops in 32/64bit and also various low power ARM systems.

**Description**

The application is vulnerable to unauthenticated configuration download when direct object reference is made to the backup function using an HTTP GET request. This will enable the attacker to disclose sensitive information and help her in authentication bypass, privilege escalation and full system access.

**Vendor**

MiniDVBLinux - https://www.minidvblinux.de

**Affected Version**

<=5.4

**Tested On**

MiniDVBLinux 5.4  
BusyBox v1.25.1  
Architecture: armhf, armhf-rpi2  
GNU/Linux 4.19.127.203 (armv7l)  
VideoDiskRecorder 2.4.6

**Vendor Status**

\[24.09.2022\] Vulnerability discovered.  
\[27.09.2022\] Vendor contacted.  
\[15.10.2022\] No response from the vendor.  
\[16.10.2022\] Public security advisory released.

**PoC**

mldhd\_config.txt

**Credits**

Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk\>

**References**

N/A

**Changelog**

\[16.10.2022\] - Initial release

**Contact**

Zero Science Lab

Web: https://www.zeroscience.mk  
e-mail: lab@zeroscience.mk

MiniDVBLinux 5.4 Config Download Exploit

SoX suffers from a division by zero attack when handling WAV files, resulting in denial of service vulnerability and possibly loss of data.

Title: SoX 14.4.2 (wav.c) Division By Zero  
Advisory ID: ZSL-2022-5712  
Type: Local  
Impact: DoS  
Risk: (2/5)  
Release Date: 18.09.2022

**Summary**

SoX (Sound eXchange) is the Swiss Army knife of sound processing tools: it can convert sound files between many different file formats and audio devices, and can apply many sound effects and transformations, as well as doing basic analysis and providing input to more capable analysis and plotting tools.

**Description**

SoX suffers from a division by zero attack when handling WAV files, resulting in denial of service vulnerability and possibly loss of data.

**Vendor**

Chris Bagwell - http://sox.sourceforge.net

**Affected Version**

<=14.4.2

**Tested On**

Ubuntu 18.04.6 LTS  
Microsoft Windows 10 Home

**Vendor Status**

N/A

**PoC**

sox\_div0.txt  
sox\_div0.wav.zip

**Credits**

Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk\>

**References**

N/A

**Changelog**

\[18.09.2022\] - Initial release

**Contact**

Zero Science Lab

Web: https://www.zeroscience.mk  
e-mail: lab@zeroscience.mk

SoX 14.4.2 (wav.c) Division By Zero

Input passed to the GET parameter 'action' is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML/JS code in a user's browser session in context of an affected site.

Title: ETAP Safety Manager 1.0.0.32 Remote Unauthenticated Reflected XSS  
Advisory ID: ZSL-2022-5711  
Type: Local/Remote  
Impact: Cross-Site Scripting  
Risk: (4/5)  
Release Date: 11.09.2022

**Summary**

The ETAP Safety Manager (ESM) is a central managing and control system that helps you to monitor, adjust and maintain your emergency lighting system. Therefore each luminaire connected to your ESM network is given a unique code. The ESM can easily identify the luminaires individually and automatically report whether all luminaires work properly. You can either choose between a wired or wireless network, or a combination of both. With ESM you will not only manage your self contained or your centrally supplied ‘ETAP Battery System’ (EBS) emergency luminaires’, but also DALI emergency units and K9 LED modules, which you can build into your luminaires. Since your ESM system is connected to the Internet, you will always have access to it through the World Wide Web. ESMweb™ is an ‘embedded web server’ application for monitoring an emergency lighting system, which runs in the ‘ESM web controller’. The ESMweb™ application can be accessed from any PC in the corporate network or connected to the Internet - by a standard web browser.

**Description**

Input passed to the GET parameter 'action' is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML/JS code in a user's browser session in context of an affected site.

**Vendor**

ETAP Lighting International NV - https://www.etaplighting.com

**Affected Version**

1.0.0.32

**Tested On**

Apache/2.4.41 (Ubuntu)

**Vendor Status**

N/A

**PoC**

etap\_xss.txt

**Credits**

Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk\>

**References**

N/A

**Changelog**

\[11.09.2022\] - Initial release

**Contact**

Zero Science Lab

Web: https://www.zeroscience.mk  
e-mail: lab@zeroscience.mk

ETAP Safety Manager 1.0.0.32 Remote Unauthenticated Reflected XSS

The home automation solution suffers from an authenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands as the root user via the 'name' GET parameter in 'delsnap.pl' Perl/CGI script which is used for deleting snapshots taken from the webcam.

Title: Schneider Electric SpaceLogic C-Bus Home Controller (5200WHC2) Remote Root Exploit  
Advisory ID: ZSL-2022-5710  
Type: Local/Remote  
Impact: System Access, DoS  
Risk: (4/5)  
Release Date: 20.07.2022

**Summary**

SpaceLogic C-Bus Home Automation System Lighting control and automation solutions for buildings of the future, part of SpaceLogic. SpaceLogic C-Bus is a powerful, fully integrated system that can control and automate lighting and many other electrical systems and products. The SpaceLogic C-Bus system is robust, flexible, scalable and has proven solutions for buildings of the future. Implemented for commercial and residential buildings automation, it brings control, comfort, efficiency and ease of use to its occupants.

Wiser Home Control makes technologies in your home easy by providing seamless control of music, home theatre, lighting, air conditioning, sprinkler systems, curtains and shutters, security systems... you name it. Usable anytime, anywhere even when you are away, via preset shortcuts or direct control, in the same look and feel from a wall switch, a home computer, or even your smartphone or TV - there is no wiser way to enjoy 24/7 connectivity, comfort and convenience, entertainment and peace of mind homewide!

The Wiser 2 Home Controller allows you to access your C-Bus using a graphical user interface, sometimes referred to as the Wiser 2 UI. The Wiser 2 Home Controller arrives with a sample project loaded and the user interface accessible from your local home network. With certain options set, you can also access the Wiser 2 UI from anywhere using the Internet. Using the Wiser 2 Home Controller you can: control equipment such as IP cameras, C-Bus devices and non C-Bus wired and wireless equipment on the home LAN, schedule events in the home, create and store scenes on-board, customise a C-Bus system using the on-board Logic Engine, monitor the home environment including C-Bus and security systems, control ZigBee products such as Ulti-ZigBee Dimmer, Relay, Groups and Curtains.

Examples of equipment you might access with Wiser 2 Home Controller include lighting, HVAC, curtains, cameras, sprinkler systems, power monitoring, Ulti-ZigBee, multi-room audio and security controls.

**Description**

The home automation solution suffers from an authenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands as the root user via the 'name' GET parameter in 'delsnap.pl' Perl/CGI script which is used for deleting snapshots taken from the webcam.

\--------------------------------------------------------------------------------

/www/delsnap.pl:  
----------------

01: #!/usr/bin/perl  
02: use IO::Handle;  
03:  
04:  
05: select(STDERR);  
06: $| = 1;  
07: select(STDOUT);  
08: $| = 1;  
09:  
10: #print "\r\n\r\n";  
11:  
12: $CGITempFile::TMPDIRECTORY = '/mnt/microsd/clipsal/ugen/imgs/';  
13: use CGI;  
14:  
15: my $PROGNAME = "delsnap.pl";  
16:  
17: my $cgi = new CGI();  
18:  
19: my $name = $cgi->param('name');  
20: if ($name eq "list") {  
21:     print "\r\n\r\n";  
22:     print "DATA=";  
23:     print `ls -C1 /mnt/microsd/clipsal/ugen/imgs/`;  
24:     exit(0);  
25: }  
26: if ($name eq "deleteall") {  
27:     print "\r\n\r\n";  
28:     print "DELETINGALL=TRUE&";  
29:     print `rm /mnt/microsd/clipsal/ugen/imgs/*`;  
30:     print "COMPLETED=true\n";  
31:     exit(0);  
32: }  
33: #print "name $name\n";  
34: print "\r\n\r\n";  
35: my $filename = "/mnt/microsd/clipsal/ugen/imgs/$name";  
36:  
37: unlink $filename or die "COMPLETED=false\n";  
38:  
39: print "COMPLETED=true\n";

  
\--------------------------------------------------------------------------------

**Vendor**

Schneider Electric SE - https://www.se.com

**Affected Version**

SpaceLogic C-Bus Home Controller (5200WHC2)  
formerly known as C-Bus Wiser Home Controller MK2  
V1.31.460 and prior  
Firmware: 604

**Tested On**

Machine: OMAP3 Wiser2 Board  
CPU: ARMv7 revision 2  
GNU/Linux 2.6.37 (armv7l)  
BusyBox v1.22.1  
thttpd/2.25b  
Perl v5.20.0  
Clipsal 81  
Angstrom 2009.X-stable  
PICED 4.14.0.100  
lighttpd/1.7  
GCC 4.4.3  
NodeJS v10.15.3

**Vendor Status**

\[27.03.2022\] Vulnerability discovered.  
\[31.03.2022\] Reported the vulnerability to the vendor.  
\[31.03.2022\] Vendor receives PoC, starts analysis and creates SE-6334 (Remote Root Exploit).  
\[11.04.2022\] Asked vendor for confirmation and status update.  
\[11.04.2022\] Vendor is still analyzing the vulnerability. Will let us know once the case is confirmed.  
\[20.04.2022\] Asked vendor for confirmation and scheduled patch release date.  
\[21.04.2022\] Vendor is still analyzing.  
\[30.04.2022\] Asked vendor for status update.  
\[02.05.2022\] Vendor states that the product team has finalized their action plan and has provided a tentative fix release date of end of June.  
\[02.05.2022\] Replied to the vendor.  
\[02.05.2022\] The product team is working diligently on the fix. If there are any changes to the release date, we will let you know immediately.  
\[03.06.2022\] Asked vendor for status update.  
\[03.06.2022\] Vendor responds, tentative fix release date remains end of June.  
\[27.06.2022\] Asked vendor for status update.  
\[28.06.2022\] Vendor is finalizing the security notification and expecting to disclose on July 12th 2022.  
\[30.06.2022\] Vendor sends encrypted draft advisory for review.  
\[02.07.2022\] Sent our encrypted draft advisory for alignment of content.  
\[08.07.2022\] Vendor reviews the advisory and agrees that it is aligned with the contents. Provided advisory URL and asked for release date.  
\[10.07.2022\] Replied to the vendor with scheduled advisory release date.  
\[12.07.2022\] Vendor released advisory SEVD-2022-193-02.  
\[20.07.2022\] Coordinated public security advisory released.

**PoC**

SpaceLogic.ps1

**Credits**

Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk\>

**References**

\[1\] https://www.se.com/ww/en/work/support/cybersecurity/security-notifications.jsp  
\[2\] https://download.schneider-electric.com/files?p\_enDocType=Security+and+Safety+Notice&p\_File\_Name=SEVD-2022-193-02\_SpaceLogic-C-Bus-Home-Controller-Wiser\_MK2\_Security\_Notification.pdf  
\[3\] https://www.se.com/ww/en/work/support/cybersecurity/wall-of-thanks.jsp  
\[4\] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34753  
\[5\] https://nvd.nist.gov/vuln/detail/CVE-2022-34753

**Changelog**

\[20.07.2022\] - Initial release

**Contact**

Zero Science Lab

Web: https://www.zeroscience.mk  
e-mail: lab@zeroscience.mk

Source

Zero Science Lab