cbcvebase.
CVE-2016-11061
published 2020-04-29

CVE-2016-11061: Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, and 7970i devices before 073.xxx.086.15410 do not properly…

PriorityP266critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
1.99%
78.1th percentile
Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, and 7970i devices before 073.xxx.086.15410 do not properly escape parameters in the support/remoteUI/configrui.php script, which can allow an unauthenticated attacker to execute OS commands on the device.

Affected

25 ranges
VendorProductVersion rangeFixed in
xeroxworkcentre_3655_firmware< 073.060.086.15410073.060.086.15410
xeroxworkcentre_3655i_firmware< 073.060.086.15410073.060.086.15410
xeroxworkcentre_5865_firmware< 073.190.086.15410073.190.086.15410
xeroxworkcentre_5865i_firmware< 073.190.086.15410073.190.086.15410
xeroxworkcentre_5875_firmware< 073.190.086.15410073.190.086.15410
xeroxworkcentre_5875i_firmware< 073.190.086.15410073.190.086.15410
xeroxworkcentre_5890_firmware< 073.190.086.15410073.190.086.15410
xeroxworkcentre_5890i_firmware< 073.190.086.15410073.190.086.15410
xeroxworkcentre_5945_firmware< 073.091.086.15410073.091.086.15410
xeroxworkcentre_5945i_firmware< 073.091.086.15410073.091.086.15410
xeroxworkcentre_5955_firmware< 073.091.086.15410073.091.086.15410
xeroxworkcentre_5955i_firmware< 073.091.086.15410073.091.086.15410
xeroxworkcentre_6655_firmware< 073.110.086.15410073.110.086.15410
xeroxworkcentre_6655i_firmware< 073.110.086.15410073.110.086.15410
xeroxworkcentre_7200_firmware< 073.030.086.15410073.030.086.15410
xeroxworkcentre_7200i_firmware< 073.030.086.15410073.030.086.15410
xeroxworkcentre_7220_firmware< 073.030.086.15410073.030.086.15410
xeroxworkcentre_7225_firmware< 073.030.086.15410073.030.086.15410
xeroxworkcentre_7225i_firmware< 073.030.086.15410073.030.086.15410
xeroxworkcentre_7830_firmware< 073.010.086.15410073.010.086.15410
xeroxworkcentre_7835_firmware< 073.010.086.15410073.010.086.15410
xeroxworkcentre_7845_firmware< 073.010.086.15410073.010.086.15410
xeroxworkcentre_7855_firmware< 073.010.086.15410073.010.086.15410
xeroxworkcentre_7970_firmware< 073.200.086.15410073.200.086.15410
xeroxworkcentre_7970i_firmware< 073.200.086.15410073.200.086.15410

CVSS provenance

nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.010.0CRITICALAV:N/AC:L/Au:N/C:C/I:C/A:C
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.