ID

VAR-201807-0097


CVE

CVE-2017-10934


TITLE

ZTE ZXIPTV-EPG vulnerable to deserialization of untrusted data

Trust: 0.8

sources: JVNDB: JVNDB-2017-014149

DESCRIPTION

All versions of the ZTE ZXIPTV-EPG product prior to V5.09.02.02T4 use a Java RMI service in which the servers use the Apache Commons Collections (ACC) library, which may result in Java deserialization vulnerabilities. An unauthenticated remote attacker can exploit the vulnerabilities by sending a crafted RMI request to execute arbitrary code on the target host. ZTE ZXIPTV-EPG contains a vulnerability in the deserialization of untrusted data. Information may be obtained or altered, and service operation may be disrupted (DoS). ZTE ZXIPTV-EPG is a set-top box device from China's ZTE Corporation (ZTE). A Java deserialization vulnerability exists in versions of ZTE ZXIPTV-EPG prior to 5.09.02.02T4. The vulnerability stems from the use of the Java RMI service and allows arbitrary code execution.

Trust: 2.16

sources: NVD: CVE-2017-10934 // JVNDB: JVNDB-2017-014149 // CNVD: CNVD-2019-06618

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-06618

AFFECTED PRODUCTS

vendor: zte, model: zxiptv-epg, scope: lt, version: 5.09.02.02t4

Trust: 1.8

vendor: zte, model: zxiptv-epg <5.09.02.02t4, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2019-06618 // JVNDB: JVNDB-2017-014149 // NVD: CVE-2017-10934

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-10934
value: CRITICAL

Trust: 1.0

NVD: CVE-2017-10934
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2019-06618
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201807-1838
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2017-10934
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-06618
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2017-10934
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2019-06618 // JVNDB: JVNDB-2017-014149 // CNNVD: CNNVD-201807-1838 // NVD: CVE-2017-10934

PROBLEMTYPE DATA

problemtype:CWE-502

Trust: 1.8

sources: JVNDB: JVNDB-2017-014149 // NVD: CVE-2017-10934

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201807-1838

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201807-1838

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-014149

PATCH

title: Remote Code Execution Vulnerability in ZXIPTV Product
url: http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1008682

Trust: 0.8

title: Patch for ZTE ZXIPTV-EPG Java deserialization vulnerability
url: https://www.cnvd.org.cn/patchInfo/show/155565

Trust: 0.6

title: ZTE ZXIPTV-EPG Security vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=82616

Trust: 0.6

sources: CNVD: CNVD-2019-06618 // JVNDB: JVNDB-2017-014149 // CNNVD: CNNVD-201807-1838

EXTERNAL IDS

db: NVD, id: CVE-2017-10934

Trust: 3.0

db: ZTE, id: 1008682

Trust: 2.2

db: JVNDB, id: JVNDB-2017-014149

Trust: 0.8

db: CNVD, id: CNVD-2019-06618

Trust: 0.6

db: CNNVD, id: CNNVD-201807-1838

Trust: 0.6

sources: CNVD: CNVD-2019-06618 // JVNDB: JVNDB-2017-014149 // CNNVD: CNNVD-201807-1838 // NVD: CVE-2017-10934

REFERENCES

url: http://support.zte.com.cn/support/news/loopholeinfodetail.aspx?newsid=1008682

Trust: 2.2

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-10934

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2017-10934

Trust: 0.8

sources: CNVD: CNVD-2019-06618 // JVNDB: JVNDB-2017-014149 // CNNVD: CNNVD-201807-1838 // NVD: CVE-2017-10934

SOURCES

db: CNVD, id: CNVD-2019-06618
db: JVNDB, id: JVNDB-2017-014149
db: CNNVD, id: CNNVD-201807-1838
db: NVD, id: CVE-2017-10934

LAST UPDATE DATE

2024-11-23T22:22:03.540000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2019-06618, date: 2019-03-10T00:00:00
db: JVNDB, id: JVNDB-2017-014149, date: 2018-10-29T00:00:00
db: CNNVD, id: CNNVD-201807-1838, date: 2018-07-26T00:00:00
db: NVD, id: CVE-2017-10934, date: 2024-11-21T03:06:47.140

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2019-06618, date: 2019-03-09T00:00:00
db: JVNDB, id: JVNDB-2017-014149, date: 2018-10-29T00:00:00
db: CNNVD, id: CNNVD-201807-1838, date: 2018-07-26T00:00:00
db: NVD, id: CVE-2017-10934, date: 2018-07-25T15:29:00.200