CVE-2017-20217

High CVSS: 8.7

Serviio PRO 1.8 contains an information disclosure vulnerability due to improper access control enforcement in the Configuration REST API that allows unauthenticated attackers to access sensitive information. Remote attackers can send specially crafted requests to the REST API endpoints to retrieve potentially sensitive configuration data without authentication.

Vendor

Product

CWE

CWE-306

Yayın Tarihi

2026-03-16 14:17:51

Güncelleme

2026-03-16 14:53:46

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-306 HIGH 2026

Referanslar

http://www.securitylab.ru/poc/486048.php https://blogs.securiteam.com/index.php/archives/3094 https://cxsecurity.com/issue/WLB-2017050022 https://exchange.xforce.ibmcloud.com/vulnerabilities/125646 https://packetstormsecurity.com/files/142383 https://www.exploit-db.com/exploits/41958/ https://www.vulncheck.com/advisories/serviio-pro-rest-api-information-disclosure https://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5404.php