Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2017-10932

All versions prior to V12.17.20 of the ZTE Microwave NR8000 series products - NR8120, NR8120A, NR8120, NR8150, NR8250, NR8000 TR and NR8950 are the applications of C/S architecture using the Java RMI service in which the servers use the Apache Commons Collections (ACC) library that may result in Java deserialization vulnerabilities. An unauthenticated remote attacker can exploit the vulnerabilities by sending a crafted RMI request to execute arbitrary code on the target host.

Published

2017-09-28T01:29:00.997

Last Modified

2025-04-20T01:37:25.860

Status

Deferred

Source

[email protected]

Severity

CVSSv3.1: 9.8 (CRITICAL)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

10.0

Impact Score

10.0

Weaknesses

Type: Primary
CWE-502

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	zte	nr8120_firmware	< 12.17.20	Yes
Hardware	zte	nr8120	-	No
Operating System	zte	nr8120a_firmware	< 12.17.20	Yes
Hardware	zte	nr8120a	-	No
Operating System	zte	nr8150_firmware	< 12.17.20	Yes
Hardware	zte	nr8150	-	No
Operating System	zte	nr8250_firmware	< 12.17.20	Yes
Hardware	zte	nr8250	-	No
Operating System	zte	nr8000tr_firmware	< 12.17.20	Yes
Hardware	zte	nr8000tr	-	No
Operating System	zte	nr8950_firmware	< 12.17.20	Yes
Hardware	zte	nr8950	-	No

References

http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1008422 Vendor Advisory ([email protected])
http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1008422 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)