Xerox Altalink B8045 Firmware vulnerabilities
8 known vulnerabilities affecting xerox/altalink_b8045_firmware.
Total CVEs
8
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL4HIGH3MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2018-17172P3CRITICALCVSS 9.8fixed in 100.008.028.052002019-01-03
CVE-2018-17172 [CRITICAL] CWE-77 CVE-2018-17172: The web application on Xerox AltaLink B80xx before 100.008.028.05200, C8030/C8035 before 100.001.028
The web application on Xerox AltaLink B80xx before 100.008.028.05200, C8030/C8035 before 100.001.028.05200, C8045/C8055 before 100.002.028.05200, and C8070 before 100.003.028.05200 allows unauthenticated command injection.
nvd
CVE-2019-10881P3CRITICALCVSS 9.8fixed in 103.008.010.140102021-04-13
CVE-2019-10881 [CRITICAL] CWE-259 CVE-2019-10881: Xerox AltaLink B8045/B8055/B8065/B8075/B8090, AltaLink C8030/C8035/C8045/C8055/C8070 with software r
Xerox AltaLink B8045/B8055/B8065/B8075/B8090, AltaLink C8030/C8035/C8045/C8055/C8070 with software releases before 103.xxx.030.32000 includes two accounts with weak hard-coded passwords which can be exploited and allow unauthorized access which cannot be disabled.
nvd
CVE-2021-28668P3CRITICALCVSS 9.8fixed in 103.008.020.231202021-03-29
CVE-2021-28668 [CRITICAL] CWE-89 CVE-2021-28668: Xerox AltaLink B80xx before 103.008.020.23120, C8030/C8035 before 103.001.020.23120, C8045/C8055 bef
Xerox AltaLink B80xx before 103.008.020.23120, C8030/C8035 before 103.001.020.23120, C8045/C8055 before 103.002.020.23120 and C8070 before 103.003.020.23120 has several SQL injection vulnerabilities.
nvd
CVE-2021-28670P3CRITICALCVSS 9.1fixed in 103.008.020.231202021-03-29
CVE-2021-28670 [CRITICAL] CVE-2021-28670: Xerox AltaLink B8045/B8090 before 103.008.030.32000, C8030/C8035 before 103.001.030.32000, C8045/C80
Xerox AltaLink B8045/B8090 before 103.008.030.32000, C8030/C8035 before 103.001.030.32000, C8045/C8055 before 103.002.030.32000 and C8070 before 103.003.030.32000 allow unauthorized users, by leveraging the Scan To Mailbox feature, to delete arbitrary files from the disk.
nvd
CVE-2019-18629P3HIGHCVSS 8.1fixed in 101.008.099.282002021-03-04
CVE-2019-18629 [HIGH] CVE-2019-18629: Xerox AltaLink B8045/B8055/B8065/B8075/B8090 and C8030/C8035/C8045/C8055/C8070 multifunction printer
Xerox AltaLink B8045/B8055/B8065/B8075/B8090 and C8030/C8035/C8045/C8055/C8070 multifunction printers with software releases before 101.00x.099.28200 allow an attacker to execute an unwanted binary during a exploited clone install. This requires creating a clone file and signing that file with a compromised private key.
nvd
CVE-2021-28669P3HIGHCVSS 7.5fixed in 103.008.020.231202021-03-29
CVE-2021-28669 [HIGH] CWE-862 CVE-2021-28669: Xerox AltaLink B80xx before 103.008.020.23120, C8030/C8035 before 103.001.020.23120, C8045/C8055 bef
Xerox AltaLink B80xx before 103.008.020.23120, C8030/C8035 before 103.001.020.23120, C8045/C8055 before 103.002.020.23120 and C8070 before 103.003.020.23120 provide the ability to set configuration attributes without administrative rights.
nvd
CVE-2019-18630P3HIGHCVSS 7.5fixed in 103.008.010.140102021-03-04
CVE-2019-18630 [HIGH] CWE-312 CVE-2019-18630: On Xerox AltaLink B8045/B8055/B8065/B8075/B8090 and C8030/C8035/C8045/C8055/C8070 multifunction prin
On Xerox AltaLink B8045/B8055/B8065/B8075/B8090 and C8030/C8035/C8045/C8055/C8070 multifunction printers with software releases before 101.00x.099.28200, portions of the drive containing executable code were not encrypted thus leaving it open to potential cryptographic information disclosure.
nvd
CVE-2019-18628P4MEDIUMCVSS 4.9fixed in 103.008.010.140102021-03-04
CVE-2019-18628 [MEDIUM] CVE-2019-18628: Xerox AltaLink B8045/B8055/B8065/B8075/B8090 and C8030/C8035/C8045/C8055/C8070 multifunction printer
Xerox AltaLink B8045/B8055/B8065/B8075/B8090 and C8030/C8035/C8045/C8055/C8070 multifunction printers with software releases before 101.00x.099.28200 allow a user with administrative privileges to turn off data encryption on the device, thus leaving it open to potential cryptographic information disclosure.
nvd