CVE-2017-20217

Serviio PRO 1.8 REST API Information Disclosure

CVSS 8.7 HIGHEPSS 0.7%CWE-306

Vexday Risk Score

21Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 8.7EPSS 0.7%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

15 mar 2026Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

Serviio PRO 1.8 contains an information disclosure vulnerability due to improper access control enforcement in the Configuration REST API that allows unauthenticated attackers to access sensitive information. Remote attackers can send specially crafted requests to the REST API endpoints to retrieve potentially sensitive configuration data without authentication.

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Productos afectados

Serviio · Serviio PRO

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://blogs.securiteam.com/index.php/archives/3094 https://cxsecurity.com/issue/WLB-2017050022 https://exchange.xforce.ibmcloud.com/vulnerabilities/125646 https://packetstormsecurity.com/files/142383 https://www.exploit-db.com/exploits/41958/https://www.vulncheck.com/advisories/serviio-pro-rest-api-information-disclosure https://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5404.php http://www.securitylab.ru/poc/486048.php