Critical severity9.8NVD Advisory· Published Apr 6, 2017· Updated Jun 17, 2026
CVE-2017-7237
CVE-2017-7237
Description
The Spiceworks TFTP Server, as distributed with Spiceworks Inventory 7.5, allows remote attackers to access the Spiceworks data\configurations directory by leveraging the unauthenticated nature of the TFTP service for all clients who can reach UDP port 69, as demonstrated by a WRQ (aka Write request) operation for a configuration file or an executable file.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1- cpe:2.3:a:spiceworks:spiceworks:7.5:*:*:*:*:*:*:*
Patches
Vulnerability mechanics
References
3- hyp3rlinx.altervista.org/advisories/SPICEWORKS-IMPROPER-ACCESS-CONTROL-FILE-OVERWRITE.txtnvdExploitThird Party Advisory
- www.exploit-db.com/exploits/41825/nvdExploitThird Party AdvisoryVDB Entry
- community.spiceworks.com/support/inventory/docs/network-confignvdVendor Advisory
News mentions
0No linked articles in our index yet.