CyberSec.Space Logo
Back to CVE Browser

CVE-2017-10934

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0430%
EPSS Percentile37.49th
PublishedJul 25, 2018
Last ModifiedNov 21, 2024

Vulnerability Description

All versions prior to V5.09.02.02T4 of the ZTE ZXIPTV-EPG product use the Java RMI service in which the servers use the Apache Commons Collections (ACC) library that may result in Java deserialization vulnerabilities. An unauthenticated remote attacker can exploit the vulnerabilities by sending a crafted RMI request to execute arbitrary code on the target host.

Affected Platforms (CPE)

💻
Zte

Zxiptv Epg Firmware

< 5.09.02.02t4

References & Advisories

🔗 http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1008682
🔗 http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1008682

Related Vulnerabilities

CVE-2017-772210.0

In SolarWinds Log & Event Manager (LEM) before 6.3.1 Hotfix 4, a menu system is encountered when the SSH service is accessed with ...

CVE-2017-796410.0

Zyxel WRE6505 devices have a default TELNET password of 1234 for the root and admin accounts, which makes it easier for remote att...

CVE-2017-522610.0

When executing a program via the bubblewrap sandbox, the nonpriv session can escape to the parent session by using the TIOCSTI ioc...

CVE-2017-232010.0

A vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unauthenti...