CVE-2016-11061
29.04.2020, 22:15
Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, and 7970i devices before 073.xxx.086.15410 do not properly escape parameters in the support/remoteUI/configrui.php script, which can allow an unauthenticated attacker to execute OS commands on the device.
| Vendor | Product | Version |
|---|---|---|
| xerox | workcentre_3655_firmware | 𝑥 < 073.060.086.15410 |
| xerox | workcentre_3655i_firmware | 𝑥 < 073.060.086.15410 |
| xerox | workcentre_5865_firmware | 𝑥 < 073.190.086.15410 |
| xerox | workcentre_5875_firmware | 𝑥 < 073.190.086.15410 |
| xerox | workcentre_5890_firmware | 𝑥 < 073.190.086.15410 |
| xerox | workcentre_5865i_firmware | 𝑥 < 073.190.086.15410 |
| xerox | workcentre_5875i_firmware | 𝑥 < 073.190.086.15410 |
| xerox | workcentre_5890i_firmware | 𝑥 < 073.190.086.15410 |
| xerox | workcentre_5945_firmware | 𝑥 < 073.091.086.15410 |
| xerox | workcentre_5955_firmware | 𝑥 < 073.091.086.15410 |
| xerox | workcentre_5945i_firmware | 𝑥 < 073.091.086.15410 |
| xerox | workcentre_5955i_firmware | 𝑥 < 073.091.086.15410 |
| xerox | workcentre_6655_firmware | 𝑥 < 073.110.086.15410 |
| xerox | workcentre_6655i_firmware | 𝑥 < 073.110.086.15410 |
| xerox | workcentre_7200_firmware | 𝑥 < 073.030.086.15410 |
| xerox | workcentre_7200i_firmware | 𝑥 < 073.030.086.15410 |
| xerox | workcentre_7225i_firmware | 𝑥 < 073.030.086.15410 |
| xerox | workcentre_7830_firmware | 𝑥 < 073.010.086.15410 |
| xerox | workcentre_7835_firmware | 𝑥 < 073.010.086.15410 |
| xerox | workcentre_7845_firmware | 𝑥 < 073.010.086.15410 |
| xerox | workcentre_7855_firmware | 𝑥 < 073.010.086.15410 |
| xerox | workcentre_7970_firmware | 𝑥 < 073.200.086.15410 |
| xerox | workcentre_7970i_firmware | 𝑥 < 073.200.086.15410 |
| xerox | workcentre_7225_firmware | 𝑥 < 073.030.086.15410 |
| xerox | workcentre_7220_firmware | 𝑥 < 073.030.086.15410 |
𝑥
= Vulnerable software versions