All versions prior to V5.09.02.02T4 of the ZTE ZXIPTV-EPG product use the Java RMI service in which the servers use the Apache Commons Collections (ACC) library that may result in Java deserialization vulnerabilities. An unauthenticated remote attacker can exploit the vulnerabilities by sending a crafted RMI request to execute arbitrary code on the target host.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: zte

Published: 2018-07-25T15:00:00Z

Updated: 2024-09-17T04:10:07.231Z

Reserved: 2017-07-05T00:00:00

Link: CVE-2017-10934

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2018-07-25T15:29:00.200

Modified: 2018-10-02T14:28:30.447

Link: CVE-2017-10934

cve-icon Redhat

No data.