CyberSec.Space Logo
返回 CVE 浏览器

CVE-2017-10934

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0430%
EPSS Percentile37.49th
Published2018年7月25日
Last Modified2024年11月21日

Vulnerability Description

All versions prior to V5.09.02.02T4 of the ZTE ZXIPTV-EPG product use the Java RMI service in which the servers use the Apache Commons Collections (ACC) library that may result in Java deserialization vulnerabilities. An unauthenticated remote attacker can exploit the vulnerabilities by sending a crafted RMI request to execute arbitrary code on the target host.

Affected Platforms (CPE)

💻
Zte

Zxiptv Epg Firmware

< 5.09.02.02t4

References & Advisories

🔗 http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1008682
🔗 http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1008682

相关漏洞威胁

CVE-2017-379110.0

A vulnerability in the web-based GUI of Cisco Prime Home could allow an unauthenticated, remote attacker to bypass authentication ...

CVE-2017-772210.0

In SolarWinds Log & Event Manager (LEM) before 6.3.1 Hotfix 4, a menu system is encountered when the SSH service is accessed with ...

CVE-2017-332410.0

Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Primavera Products Suite (subcompone...

CVE-2017-232010.0

A vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unauthenti...

CVE-2017-10934 Detail & Impact Analysis | CVSS 9.8 (CRITICAL) | Cyber-Sec.Space | Cyber-Sec.Space