CVE-2017-10934

Name of the Vulnerable Software and Affected Versions ZTE ZXIPTV-EPG versions prior to V5.09.02.02T4

Description The issue concerns the use of the Java RMI service with the Apache Commons Collections (ACC) library, which may lead to Java deserialization vulnerabilities. An unauthenticated remote attacker can exploit this by sending a crafted RMI request, potentially allowing the execution of arbitrary code on the target host.

Recommendations For versions prior to V5.09.02.02T4, update to version V5.09.02.02T4 or later to resolve the issue. As a temporary workaround, consider restricting access to the Java RMI service to minimize the risk of exploitation.