CVE-2017-10934

EPSS 3.1%

In short

The ZTE ZXIPTV-EPG product uses a Java service that contains a dangerous flaw in how it processes data from the internet. An attacker can send specially crafted messages to trick the system into running harmful code without needing any password or permission.

Technical detail

CVE-2017-10934 is an unsafe Java deserialization vulnerability in the RMI service of ZTE ZXIPTV-EPG versions before V5.09.02.02T4, whose servers use the Apache Commons Collections library. An unauthenticated remote attacker can send a crafted RMI request to achieve arbitrary code execution on the affected host.

Summary generated and translated by AI from the official description.

All versions prior to V5.09.02.02T4 of the ZTE ZXIPTV-EPG product use the Java RMI service in which the servers use the Apache Commons Collections (ACC) library that may result in Java deserialization vulnerabilities. An unauthenticated remote attacker can exploit the vulnerabilities by sending a crafted RMI request to execute arbitrary code on the target host.

Affected products

ZTE · ZXIPTV-EPG