CVE-2017-20220

Serviio PRO 1.8 contains an improper access control vulnerability in the Configuration REST API that allows unauthenticated attackers to change the mediabrowser login password. Attackers can send specially crafted requests to the REST API endpoints to modify credentials without authentication.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
http://www.securitylab.ru/poc/486047.php
https://blogs.securiteam.com/index.php/archives/3094
https://cxsecurity.com/issue/WLB-2017050025
https://exchange.xforce.ibmcloud.com/vulnerabilities/125645
https://packetstormsecurity.com/files/142386
https://www.exploit-db.com/exploits/41960/
https://www.vulncheck.com/advisories/serviio-pro-unauthenticated-password-change-via-rest-api
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5407.php

Configurations

No configuration.

History

15 Apr 2026, 14:56

Type	Values Removed	Values Added
Summary		(es) Serviio PRO 1.8 contiene una vulnerabilidad de control de acceso inadecuado en la API REST de Configuración que permite a atacantes no autenticados cambiar la contraseña de inicio de sesión del mediabrowser. Los atacantes pueden enviar solicitudes especialmente diseñadas a los puntos finales de la API REST para modificar credenciales sin autenticación.

16 Mar 2026, 14:17

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-03-16 14:17

Updated : 2026-04-15 14:56

NVD link : CVE-2017-20220

Mitre link : CVE-2017-20220

CVE.ORG link : CVE-2017-20220

JSON object : View

Products Affected

No product.

CWE

CWE-306

Missing Authentication for Critical Function

{"id": "CVE-2017-20220", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "disclosure@vulncheck.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}], "cvssMetricV40": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.7, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-03-16T14:17:51.730", "references": [{"url": "http://www.securitylab.ru/poc/486047.php", "source": "disclosure@vulncheck.com"}, {"url": "https://blogs.securiteam.com/index.php/archives/3094", "source": "disclosure@vulncheck.com"}, {"url": "https://cxsecurity.com/issue/WLB-2017050025", "source": "disclosure@vulncheck.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125645", "source": "disclosure@vulncheck.com"}, {"url": "https://packetstormsecurity.com/files/142386", "source": "disclosure@vulncheck.com"}, {"url": "https://www.exploit-db.com/exploits/41960/", "source": "disclosure@vulncheck.com"}, {"url": "https://www.vulncheck.com/advisories/serviio-pro-unauthenticated-password-change-via-rest-api", "source": "disclosure@vulncheck.com"}, {"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5407.php", "source": "disclosure@vulncheck.com"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "disclosure@vulncheck.com", "description": [{"lang": "en", "value": "CWE-306"}]}], "descriptions": [{"lang": "en", "value": "Serviio PRO 1.8 contains an improper access control vulnerability in the Configuration REST API that allows unauthenticated attackers to change the mediabrowser login password. Attackers can send specially crafted requests to the REST API endpoints to modify credentials without authentication."}, {"lang": "es", "value": "Serviio PRO 1.8 contiene una vulnerabilidad de control de acceso inadecuado en la API REST de Configuraci\u00f3n que permite a atacantes no autenticados cambiar la contrase\u00f1a de inicio de sesi\u00f3n del mediabrowser. Los atacantes pueden enviar solicitudes especialmente dise\u00f1adas a los puntos finales de la API REST para modificar credenciales sin autenticaci\u00f3n."}], "lastModified": "2026-04-15T14:56:45.970", "sourceIdentifier": "disclosure@vulncheck.com"}