There is a command execution vulnerability in a ZTE conference management system. As some services are enabled by default, the attacker could exploit this vulnerability to execute arbitrary commands by sending specific serialization command.