CVE-2017-10932

EPSS 13.76%
Published 28.09.2017 01:29:00
Last modified 20.04.2025 01:37:25
Source psirt@zte.com.cn
Teams watchlist Login
Open Login

All versions prior to V12.17.20 of the ZTE Microwave NR8000 series products - NR8120, NR8120A, NR8120, NR8150, NR8250, NR8000 TR and NR8950 are the applications of C/S architecture using the Java RMI service in which the servers use the Apache Commons Collections (ACC) library that may result in Java deserialization vulnerabilities. An unauthenticated remote attacker can exploit the vulnerabilities by sending a crafted RMI request to execute arbitrary code on the target host.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Zte ≫ Nr8120 Firmware Version < 12.17.20

Zte ≫ Nr8120 Version-

Zte ≫ Nr8120a Firmware Version < 12.17.20

Zte ≫ Nr8120a Version-

Zte ≫ Nr8150 Firmware Version < 12.17.20

Zte ≫ Nr8150 Version-

Zte ≫ Nr8250 Firmware Version < 12.17.20

Zte ≫ Nr8250 Version-

Zte ≫ Nr8000tr Firmware Version < 12.17.20

Zte ≫ Nr8000tr Version-

Zte ≫ Nr8950 Firmware Version < 12.17.20

Zte ≫ Nr8950 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	13.76%	0.937

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	10	10	10	AV:N/AC:L/Au:N/C:C/I:C/A:C

CWE-502 Deserialization of Untrusted Data

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1008422

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2017-10932

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-10932

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-10932

EUVD