CVE-2017-10932

Name of the Vulnerable Software and Affected Versions ZTE Microwave NR8000 series products versions prior to V12.17.20

Description The issue is related to Java deserialization vulnerabilities in the ZTE Microwave NR8000 series products, specifically in the applications of C/S architecture using the Java RMI service with the Apache Commons Collections (ACC) library. An unauthenticated remote attacker can exploit this by sending a crafted RMI request to execute arbitrary code on the target host. This is due to the procedure of deserializing Java objects when handling Java RMI requests.

Recommendations For versions prior to V12.17.20, update to version V12.17.20 or later to resolve the issue. As a temporary workaround, consider restricting access to the Java RMI service to minimize the risk of exploitation.