Vulnerabilities > CVE-2017-10934 - Deserialization of Untrusted Data vulnerability in ZTE Zxiptv-Epg Firmware

047910
CVSS 9.8 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
zte
CWE-502
critical

Summary

All versions prior to V5.09.02.02T4 of the ZTE ZXIPTV-EPG product use the Java RMI service in which the servers use the Apache Commons Collections (ACC) library that may result in Java deserialization vulnerabilities. An unauthenticated remote attacker can exploit the vulnerabilities by sending a crafted RMI request to execute arbitrary code on the target host.

Vulnerable Configurations

Part Description Count
OS
Zte
1
Hardware
Zte
1

Common Weakness Enumeration (CWE)