CVE-2017-20220

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Serviio PRO version 1.8

Description Serviio PRO version 1.8 has an improper access control issue in the Configuration REST API. This allows unauthenticated attackers to modify the mediabrowser login password by sending crafted requests to the REST API endpoints without needing to authenticate. The vulnerable API allows modification of credentials without authorization.

Recommendations Update to a newer version that contains a fix for this vulnerability.

Fix

Missing Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-306

Related Identifiers

CVE-2017-20220

Affected Products

Undefined

CVE-2017-20220

Weakness Enumeration

Related Identifiers

Affected Products

References · 10