CVE-2017-20220

Sažetak

Serviio PRO 1.8 contains an improper access control vulnerability in the Configuration REST API that allows unauthenticated attackers to change the mediabrowser login password. Attackers can send specially crafted requests to the REST API endpoints to modify credentials without authentication.

Reference

http://www.securitylab.ru/poc/486047.php
https://blogs.securiteam.com/index.php/archives/3094
https://cxsecurity.com/issue/WLB-2017050025
https://exchange.xforce.ibmcloud.com/vulnerabilities/125645
https://packetstormsecurity.com/files/142386
https://www.exploit-db.com/exploits/41960/
https://www.vulncheck.com/advisories/serviio-pro-unauthenticated-password-change-via-rest-api
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5407.php

CVSS

Base:	7.5
Impact:	3.6
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	NONE	NONE

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Zadnje važnije ažuriranje

16-03-2026 - 14:53

Objavljeno

16-03-2026 - 14:17