CyberSec.Space Logo
Back to CVE Browser

CVE-2017-10932

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1570%
EPSS Percentile37.18th
PublishedSep 28, 2017
Last ModifiedMay 13, 2026

Vulnerability Description

All versions prior to V12.17.20 of the ZTE Microwave NR8000 series products - NR8120, NR8120A, NR8120, NR8150, NR8250, NR8000 TR and NR8950 are the applications of C/S architecture using the Java RMI service in which the servers use the Apache Commons Collections (ACC) library that may result in Java deserialization vulnerabilities. An unauthenticated remote attacker can exploit the vulnerabilities by sending a crafted RMI request to execute arbitrary code on the target host.

Affected Platforms (CPE)

πŸ’»
Zte

Nr8120 Firmware

< 12.17.20
πŸ’»
Zte

Nr8120a Firmware

< 12.17.20
πŸ’»
Zte

Nr8150 Firmware

< 12.17.20
πŸ’»
Zte

Nr8250 Firmware

< 12.17.20
πŸ’»
Zte

Nr8000tr Firmware

< 12.17.20
πŸ’»
Zte

Nr8950 Firmware

< 12.17.20

References & Advisories

πŸ”— http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1008422
πŸ”— http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1008422

Related Vulnerabilities

CVE-2017-308810.0

Adobe Digital Editions versions 4.5.4 and earlier have an exploitable memory corruption vulnerability in the PDF runtime engine. S...

CVE-2017-1091810.0

Xen through 4.8.x does not validate memory allocations during certain P2M operations, which allows guest OS users to obtain privil...

CVE-2017-787610.0

This command injection vulnerability in QTS allows attackers to run arbitrary commands in the compromised application. QNAP have a...

CVE-2017-632610.0

The Symantec Messaging Gateway can encounter an issue of remote code execution, which describes a situation whereby an individual ...