Critical severity9.8NVD Advisory· Published Apr 6, 2017· Updated May 13, 2026

CVE-2017-7237

Description

The Spiceworks TFTP Server, as distributed with Spiceworks Inventory 7.5, allows remote attackers to access the Spiceworks data\configurations directory by leveraging the unauthenticated nature of the TFTP service for all clients who can reach UDP port 69, as demonstrated by a WRQ (aka Write request) operation for a configuration file or an executable file.

Affected products

Spiceworks/Spiceworks
cpe:2.3:a:spiceworks:spiceworks:7.5:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

hyp3rlinx.altervista.org/advisories/SPICEWORKS-IMPROPER-ACCESS-CONTROL-FILE-OVERWRITE.txtnvdExploitThird Party Advisory
www.exploit-db.com/exploits/41825/nvdExploitThird Party AdvisoryVDB Entry
community.spiceworks.com/support/inventory/docs/network-confignvdVendor Advisory

News mentions

No linked articles in our index yet.

cvss	0.637
epss	0.011
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000