Vulnerabilities > CVE-2017-10934 - Deserialization of Untrusted Data vulnerability in ZTE Zxiptv-Epg Firmware

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
zte
CWE-502

Summary

All versions prior to V5.09.02.02T4 of the ZTE ZXIPTV-EPG product use the Java RMI service in which the servers use the Apache Commons Collections (ACC) library that may result in Java deserialization vulnerabilities. An unauthenticated remote attacker can exploit the vulnerabilities by sending a crafted RMI request to execute arbitrary code on the target host.

Vulnerable Configurations

Part Description Count
OS
Zte
1
Hardware
Zte
1

Common Weakness Enumeration (CWE)