CVE-2017-10934

Name: CVE-2017-10934
Creator: NVD / NIST
Published: 2018-07-25T15:29:00.2+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 3.11%

Last modified Jun 17, 2026

CVE-2017-10934 is a vulnerability of currently unknown severity. All versions prior to V5.09.02.02T4 of the ZTE ZXIPTV-EPG product use the Java RMI service in which the servers use the Apache Commons Collections (ACC) library that may result in Java deserialization vulnerabilities. An unauthenticated remote attacker can exploit the vulnerabilities by sending a crafted RMI request to execute arbitrary code on the target host.. EPSS estimates a 3.11% chance of exploitation in the next 30 days.

Description

All versions prior to V5.09.02.02T4 of the ZTE ZXIPTV-EPG product use the Java RMI service in which the servers use the Apache Commons Collections (ACC) library that may result in Java deserialization vulnerabilities. An unauthenticated remote attacker can exploit the vulnerabilities by sending a crafted RMI request to execute arbitrary code on the target host.

Metrics

EPSS Probability

3.11%

86.1th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-502

Affected Software

Vendor	Product	Versions
Zte	Zxiptv-Epg Firmware	< 5.09.02.02t4

References

http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1008682Vendor Advisory
http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1008682Vendor Advisory

Timeline

Published: Jul 25, 2018
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2017-10934?

How severe is CVE-2017-10934?

Severity scoring for CVE-2017-10934 is pending analysis. The EPSS model estimates a 3.11% probability of exploitation in the next 30 days.

How do I fix CVE-2017-10934?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2017-10934?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST