


Perceptive Security
SOC/SIEM Consultancy

Serviio PRO 1.8 contains an information disclosure vulnerability due to improper access control enforcement in the Configuration REST API that allows unauthenti…
Published:
15 March 2026 at 23:00:00
Alert date:
16 March 2026 at 16:21:26
Source:
nvd.nist.gov
Web Technologies, Enterprise Applications
CVE-2017-20217 is an information disclosure vulnerability in the Configuration REST API of Serviio PRO 1.8. Because the API does not properly enforce access control, an unauthenticated remote attacker can send specially crafted requests to its REST endpoints and read sensitive configuration data. The issue has been documented across multiple security advisory platforms and exploit databases.
Technical details
Mitigation steps:
Affected products:
Serviio PRO
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2017-20217
http://www.securitylab.ru/poc/486048.php
https://blogs.securiteam.com/index.php/archives/3094
https://cxsecurity.com/issue/WLB-2017050022
https://exchange.xforce.ibmcloud.com/vulnerabilities/125646
https://packetstormsecurity.com/files/142383
https://www.exploit-db.com/exploits/41958/
https://www.vulncheck.com/advisories/serviio-pro-rest-api-information-disclosure
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5404.php
Related CVEs:
Related threat actors:
IOCs:
This article was created with the assistance of AI technology by Perceptive.
