admin/cve
1
0
Fork 0
mirror of https://github.com/0xMarcio/cve.git synced 2025-05-06 18:52:12 +00:00
Code Issues Packages Projects Releases Wiki Activity
cve/2017/CVE-2017-10932.md

18 lines
982 B
Markdown
Raw Normal View History

Update Sun May 26 14:27:04 CEST 2024
2024-05-26 14:27:05 +02:00
### [CVE-2017-10932](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10932)
![](https://img.shields.io/static/v1?label=Product&message=NR8000%20Series&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Remote%20Code%20Execution&color=brighgreen)
### Description
All versions prior to V12.17.20 of the ZTE Microwave NR8000 series products - NR8120, NR8120A, NR8120, NR8150, NR8250, NR8000 TR and NR8950 are the applications of C/S architecture using the Java RMI service in which the servers use the Apache Commons Collections (ACC) library that may result in Java deserialization vulnerabilities. An unauthenticated remote attacker can exploit the vulnerabilities by sending a crafted RMI request to execute arbitrary code on the target host.
### POC
#### Reference
No PoCs from references.
#### Github
- https://github.com/PalindromeLabs/Java-Deserialization-CVEs
Reference in New Issue Copy Permalink