CVE-2017-10932
In short
ZTE Microwave NR8000 series devices use an unsafe Java library that allows attackers to send malicious requests and run harmful code without needing a password. This affects multiple device models before version 12.17.20.
Technical detail
The ZTE NR8000 series products are client-server applications built on a Java RMI service, and the servers use Apache Commons Collections library versions that are susceptible to unsafe deserialization. An unauthenticated remote attacker can craft a malicious RMI request containing a serialized payload to achieve remote code execution on the target device.
Summary generated and translated by AI from the official description.
All versions prior to V12.17.20 of the ZTE Microwave NR8000 series products - NR8120, NR8120A, NR8120, NR8150, NR8250, NR8000 TR and NR8950 are the applications of C/S architecture using the Java RMI service in which the servers use the Apache Commons Collections (ACC) library that may result in Java deserialization vulnerabilities. An unauthenticated remote attacker can exploit the vulnerabilities by sending a crafted RMI request to execute arbitrary code on the target host.
Affected products
ZTE · NR8000 Series