CVE-2016-11061
published 2020-04-29CVE-2016-11061: Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, and 7970i devices before 073.xxx.086.15410 do not properly…
PriorityP266critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
1.99%
78.1th percentile
Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, and 7970i devices before 073.xxx.086.15410 do not properly escape parameters in the support/remoteUI/configrui.php script, which can allow an unauthenticated attacker to execute OS commands on the device.
Affected
25 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| xerox | workcentre_3655_firmware | < 073.060.086.15410 | 073.060.086.15410 |
| xerox | workcentre_3655i_firmware | < 073.060.086.15410 | 073.060.086.15410 |
| xerox | workcentre_5865_firmware | < 073.190.086.15410 | 073.190.086.15410 |
| xerox | workcentre_5865i_firmware | < 073.190.086.15410 | 073.190.086.15410 |
| xerox | workcentre_5875_firmware | < 073.190.086.15410 | 073.190.086.15410 |
| xerox | workcentre_5875i_firmware | < 073.190.086.15410 | 073.190.086.15410 |
| xerox | workcentre_5890_firmware | < 073.190.086.15410 | 073.190.086.15410 |
| xerox | workcentre_5890i_firmware | < 073.190.086.15410 | 073.190.086.15410 |
| xerox | workcentre_5945_firmware | < 073.091.086.15410 | 073.091.086.15410 |
| xerox | workcentre_5945i_firmware | < 073.091.086.15410 | 073.091.086.15410 |
| xerox | workcentre_5955_firmware | < 073.091.086.15410 | 073.091.086.15410 |
| xerox | workcentre_5955i_firmware | < 073.091.086.15410 | 073.091.086.15410 |
| xerox | workcentre_6655_firmware | < 073.110.086.15410 | 073.110.086.15410 |
| xerox | workcentre_6655i_firmware | < 073.110.086.15410 | 073.110.086.15410 |
| xerox | workcentre_7200_firmware | < 073.030.086.15410 | 073.030.086.15410 |
| xerox | workcentre_7200i_firmware | < 073.030.086.15410 | 073.030.086.15410 |
| xerox | workcentre_7220_firmware | < 073.030.086.15410 | 073.030.086.15410 |
| xerox | workcentre_7225_firmware | < 073.030.086.15410 | 073.030.086.15410 |
| xerox | workcentre_7225i_firmware | < 073.030.086.15410 | 073.030.086.15410 |
| xerox | workcentre_7830_firmware | < 073.010.086.15410 | 073.010.086.15410 |
| xerox | workcentre_7835_firmware | < 073.010.086.15410 | 073.010.086.15410 |
| xerox | workcentre_7845_firmware | < 073.010.086.15410 | 073.010.086.15410 |
| xerox | workcentre_7855_firmware | < 073.010.086.15410 | 073.010.086.15410 |
| xerox | workcentre_7970_firmware | < 073.200.086.15410 | 073.200.086.15410 |
| xerox | workcentre_7970i_firmware | < 073.200.086.15410 | 073.200.086.15410 |
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.010.0CRITICALAV:N/AC:L/Au:N/C:C/I:C/A:C
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2020-04-29
Published