CVE-2017-20220

High CVSS: 8.7

Serviio PRO 1.8 contains an improper access control vulnerability in the Configuration REST API that allows unauthenticated attackers to change the mediabrowser login password. Attackers can send specially crafted requests to the REST API endpoints to modify credentials without authentication.

Vendor

Product

CWE

CWE-306

Yayın Tarihi

2026-03-16 14:17:51

Güncelleme

2026-03-16 14:53:46

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-306 HIGH 2026

Referanslar

http://www.securitylab.ru/poc/486047.php https://blogs.securiteam.com/index.php/archives/3094 https://cxsecurity.com/issue/WLB-2017050025 https://exchange.xforce.ibmcloud.com/vulnerabilities/125645 https://packetstormsecurity.com/files/142386 https://www.exploit-db.com/exploits/41960/ https://www.vulncheck.com/advisories/serviio-pro-unauthenticated-password-change-via-rest-api https://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5407.php