CVE-2017-20217

HIGH

Serviio PRO 1.8 REST API Information Disclosure

Title source: cna

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-20217. PoCs published by LiquidWorm.

AI-analyzed exploit summary This Python script exploits an information disclosure vulnerability in Serviio PRO 1.8 DLNA Media Streaming Server by sending unauthenticated HTTP requests to the REST API to retrieve sensitive information such as ServiioLinks, directory listings, and the MediaBrowser password.

Description

Serviio PRO 1.8 contains an information disclosure vulnerability due to improper access control enforcement in the Configuration REST API that allows unauthenticated attackers to access sensitive information. Remote attackers can send specially crafted requests to the REST API endpoints to retrieve potentially sensitive configuration data without authentication.

Exploits (1)

exploitdb WORKING POC

by LiquidWorm · pythonwebappsjava

https://www.exploit-db.com/exploits/41958

View Code ZIP pw:eip

This Python script exploits an information disclosure vulnerability in Serviio PRO 1.8 DLNA Media Streaming Server by sending unauthenticated HTTP requests to the REST API to retrieve sensitive information such as ServiioLinks, directory listings, and the MediaBrowser password.

Classification

Working Poc 100%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Serviio PRO 1.8, 1.7.1, 1.7.0, 1.6.1

No auth needed

Prerequisites: network access to the target server · Serviio REST API endpoint exposed

MITRE ATT&CK

T1005 - Data from Local System T1552 - Unsecured Credentials

devstral-2 · analyzed Mar 16, 2026 Full analysis →