There is a command execution vulnerability in a ZTE conference management system. As some services are enabled by default, the attacker could exploit this vulnerability to execute arbitrary commands by sending specific serialization command.Referenceshttps://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1018424
