CVE-2017-20220

Serviio PRO 1.8 Unauthenticated Password Change via REST API

CVSS 8.7 HIGHEPSS 0.4%CWE-306

Vexday Risk Score

21Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 8.7EPSS 0.4%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

15 mar 2026Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

Serviio PRO 1.8 contains an improper access control vulnerability in the Configuration REST API that allows unauthenticated attackers to change the mediabrowser login password. Attackers can send specially crafted requests to the REST API endpoints to modify credentials without authentication.

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Productos afectados

Serviio · Serviio PRO

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://blogs.securiteam.com/index.php/archives/3094 https://cxsecurity.com/issue/WLB-2017050025 https://exchange.xforce.ibmcloud.com/vulnerabilities/125645 https://packetstormsecurity.com/files/142386 https://www.exploit-db.com/exploits/41960/https://www.vulncheck.com/advisories/serviio-pro-unauthenticated-password-change-via-rest-api https://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5407.php http://www.securitylab.ru/poc/486047.php