CVE-2024-58286 CRITICAL

CVE-2024-58286: dizqueTV 1.5.3 Remote Code Execution via FFMPEG Executable Path

Vendor Vexorian
Product dizqueTV
Weakness CWE-78
Published December 11, 2025
Last update April 7, 2026

CVSS base score

9.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

dizqueTV 1.5.3 contains a remote code execution vulnerability that allows attackers to inject arbitrary commands through the FFMPEG Executable Path settings. Attackers can modify the executable path with shell commands to read system files like /etc/passwd by exploiting improper input validation.

Key dates

02Disclosure timeline

December 11, 2025 CVE published
April 7, 2026 Record updated