CVE-2017-10932
First published: Wed Sep 27 2017(Updated: )
All versions prior to V12.17.20 of the ZTE Microwave NR8000 series products - NR8120, NR8120A, NR8120, NR8150, NR8250, NR8000 TR and NR8950 are the applications of C/S architecture using the Java RMI service in which the servers use the Apache Commons Collections (ACC) library that may result in Java deserialization vulnerabilities. An unauthenticated remote attacker can exploit the vulnerabilities by sending a crafted RMI request to execute arbitrary code on the target host.
Credit: psirt@zte.com.cn
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| ZTE NR8120 | <12.17.20 | |
| ZTE NR8120 Firmware | ||
| All of | ||
| ZTE NR8120A Firmware | <12.17.20 | |
| ZTE NR8120A Firmware | ||
| All of | ||
| ZTE NR8150 | <12.17.20 | |
| ZTE NR8150 Firmware | ||
| All of | ||
| ZTE NR8250 | <12.17.20 | |
| ZTE NR8250 Firmware | ||
| All of | ||
| ZTE NR8000TR | <12.17.20 | |
| ZTE NR8000TR Firmware | ||
| All of | ||
| ZTE NR8950 Firmware | <12.17.20 | |
| ZTE NR8950 Firmware | ||
| ZTE NR8120 | ||
| ZTE NR8120 Firmware | ||
| ZTE NR8120A Firmware | ||
| ZTE NR8120A Firmware | ||
| ZTE NR8150 | ||
| ZTE NR8150 Firmware | ||
| ZTE NR8250 | ||
| ZTE NR8250 Firmware | ||
| ZTE NR8000TR | ||
| ZTE NR8000TR Firmware | ||
| ZTE NR8950 Firmware | ||
| ZTE NR8950 Firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2017-10932?
CVE-2017-10932 is classified with a high severity due to its potential for remote code execution.
How do I fix CVE-2017-10932?
To fix CVE-2017-10932, update the ZTE Microwave NR8000 series products to version V12.17.20 or later.
What products are affected by CVE-2017-10932?
CVE-2017-10932 affects all versions before V12.17.20 of the ZTE Microwave NR8000 series products.
Is there a workaround for CVE-2017-10932?
There is no known workaround for CVE-2017-10932 other than upgrading to a fixed version.
When was CVE-2017-10932 reported?
CVE-2017-10932 was reported in 2017 and has been documented in various security advisories.
- agent/type
- agent/author
- agent/weakness
- agent/references
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/first-publish-date
- agent/severity
- agent/source
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- agent/event
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- vendor/zte
- canonical/zte nr8120
- canonical/zte nr8120 firmware
- canonical/zte nr8120a firmware
- canonical/zte nr8150
- canonical/zte nr8150 firmware
- canonical/zte nr8250 firmware
- canonical/zte nr8000tr
- canonical/zte nr8000tr firmware
- canonical/zte nr8950 firmware