CyberSec.Space Logo
CVEブラウザに戻る

CVE-2017-10932

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1570%
EPSS Percentile37.18th
Published2017年9月28日
Last Modified2026年5月13日

Vulnerability Description

All versions prior to V12.17.20 of the ZTE Microwave NR8000 series products - NR8120, NR8120A, NR8120, NR8150, NR8250, NR8000 TR and NR8950 are the applications of C/S architecture using the Java RMI service in which the servers use the Apache Commons Collections (ACC) library that may result in Java deserialization vulnerabilities. An unauthenticated remote attacker can exploit the vulnerabilities by sending a crafted RMI request to execute arbitrary code on the target host.

Affected Platforms (CPE)

💻
Zte

Nr8120 Firmware

< 12.17.20
💻
Zte

Nr8120a Firmware

< 12.17.20
💻
Zte

Nr8150 Firmware

< 12.17.20
💻
Zte

Nr8250 Firmware

< 12.17.20
💻
Zte

Nr8000tr Firmware

< 12.17.20
💻
Zte

Nr8950 Firmware

< 12.17.20

References & Advisories

🔗 http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1008422
🔗 http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1008422

関連する脆弱性情報

CVE-2017-1129110.0

An issue was discovered in Adobe Connect 9.6.2 and earlier versions. A Server-Side Request Forgery (SSRF) vulnerability exists tha...

CVE-2017-1674010.0

A Buffer Overflow issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1400 Controllers, Series B and C Versions 2...

CVE-2017-1437810.0

EMC RSA Authentication Agent API 8.5 for C and RSA Authentication Agent SDK 8.6 for C allow attackers to bypass authentication, ak...

CVE-2017-1254210.0

A authentication bypass and execution of code vulnerability in HPE Integrated Lights-out 4 (iLO 4) version prior to 2.53 was found...