CVE-2024-58286 - Vulnerability Details - OpenCVE

dizqueTV 1.5.3 contains a remote code execution vulnerability that allows attackers to inject arbitrary commands through the FFMPEG Executable Path settings. Attackers can modify the executable path with shell commands to read system files like /etc/passwd by exploiting improper input validation.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Vexorian	Dizquetv

No data.

No data.

References

Link	Providers
https://github.com/vexorian/dizquetv
https://www.exploit-db.com/exploits/52079
https://www.vulncheck.com/advisories/dizquetv-remote-code-execution-via-ffmpeg-executable-path

History

Fri, 12 Dec 2025 09:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Vexorian Vexorian dizquetv
Vendors & Products		Vexorian Vexorian dizquetv

Thu, 11 Dec 2025 21:45:00 +0000

Type	Values Removed	Values Added
Description		dizqueTV 1.5.3 contains a remote code execution vulnerability that allows attackers to inject arbitrary commands through the FFMPEG Executable Path settings. Attackers can modify the executable path with shell commands to read system files like /etc/passwd by exploiting improper input validation.
Title		dizqueTV 1.5.3 Remote Code Execution via FFMPEG Executable Path
Weaknesses		CWE-78
References		https://github.com/vexorian/dizquetv https://www.exploit-db.com/exploits/52079 https://www.vulncheck.com/advisories/dizquetv-remote-code-execution-via-ffmpeg-executable-path
Metrics		cvssV4_0 `{'score': 9.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}`

MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published: 2025-12-11T21:32:57.246Z

Updated: 2025-12-11T21:32:57.246Z

Reserved: 2025-12-10T23:46:14.008Z

Link: CVE-2024-58286

Vulnrichment

No data.

NVD

Status : Received

Published: 2025-12-11T22:15:48.203

Modified: 2025-12-11T22:15:48.203

Link: CVE-2024-58286

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2024-58286", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2025-12-10T23:46:14.008Z", "datePublished": "2025-12-11T21:32:57.246Z", "dateUpdated": "2025-12-11T21:32:57.246Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "dizqueTV", "vendor": "vexorian", "versions": [{"status": "affected", "version": "1.5.3"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Ahmed Said Saud Al-Busaidi"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>dizqueTV 1.5.3 contains a remote code execution vulnerability that allows attackers to inject arbitrary commands through the FFMPEG Executable Path settings. Attackers can modify the executable path with shell commands to read system files like /etc/passwd by exploiting improper input validation.</p>"}], "value": "dizqueTV 1.5.3 contains a remote code execution vulnerability that allows attackers to inject arbitrary commands through the FFMPEG Executable Path settings. Attackers can modify the executable path with shell commands to read system files like /etc/passwd by exploiting improper input validation."}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 9.3, "baseSeverity": "CRITICAL", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-78", "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2025-12-11T21:32:57.246Z"}, "references": [{"name": "ExploitDB-52079", "tags": ["exploit"], "url": "https://www.exploit-db.com/exploits/52079"}, {"name": "DizqueTV GitHub Repository", "tags": ["product"], "url": "https://github.com/vexorian/dizquetv"}, {"name": "VulnCheck Advisory: dizqueTV 1.5.3 Remote Code Execution via FFMPEG Executable Path", "tags": ["third-party-advisory"], "url": "https://www.vulncheck.com/advisories/dizquetv-remote-code-execution-via-ffmpeg-executable-path"}], "source": {"discovery": "UNKNOWN"}, "title": "dizqueTV 1.5.3 Remote Code Execution via FFMPEG Executable Path", "x_generator": {"engine": "vulncheck"}}}}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "dizqueTV 1.5.3 contains a remote code execution vulnerability that allows attackers to inject arbitrary commands through the FFMPEG Executable Path settings. Attackers can modify the executable path with shell commands to read system files like /etc/passwd by exploiting improper input validation."}], "id": "CVE-2024-58286", "lastModified": "2025-12-11T22:15:48.203", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 9.3, "baseSeverity": "CRITICAL", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "disclosure@vulncheck.com", "type": "Secondary"}]}, "published": "2025-12-11T22:15:48.203", "references": [{"source": "disclosure@vulncheck.com", "url": "https://github.com/vexorian/dizquetv"}, {"source": "disclosure@vulncheck.com", "url": "https://www.exploit-db.com/exploits/52079"}, {"source": "disclosure@vulncheck.com", "url": "https://www.vulncheck.com/advisories/dizquetv-remote-code-execution-via-ffmpeg-executable-path"}], "sourceIdentifier": "disclosure@vulncheck.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "disclosure@vulncheck.com", "type": "Primary"}]}