cbcvebase.

Xerox Workcentre 3655 Firmware vulnerabilities

8 known vulnerabilities affecting xerox/workcentre_3655_firmware.

Total CVEs
8
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL4HIGH4

Vulnerabilities

Page 1 of 1
CVE-2016-11061P2CRITICALCVSS 9.8fixed in 073.060.086.154102020-04-29
CVE-2016-11061 [CRITICAL] CWE-78 CVE-2016-11061: Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, and 7970i devices before 073.xxx.086.15410 do not properly escape parameters in the support/remoteUI/configrui.php script, which can allow an unauthenticated attacker to execute OS commands on the device.
nvd
CVE-2018-20771P2CRITICALCVSS 9.8fixed in 073.060.048.150002019-02-10
CVE-2018-20771 [CRITICAL] CWE-20 CVE-2018-20771: An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices before R18-05 073.xxx.0487.15000. There is unauthenticated Remote Command Execution.
nvd
CVE-2020-9330P3HIGHCVSS 8.8fixed in 073.060.000.023002020-02-21
CVE-2020-9330 [HIGH] CWE-306 CVE-2020-9330: Certain Xerox WorkCentre printers before 073.xxx.000.02300 do not require the user to reenter or val Certain Xerox WorkCentre printers before 073.xxx.000.02300 do not require the user to reenter or validate LDAP bind credentials when changing the LDAP connector IP address. A malicious actor who gains access to affected devices (e.g., by using default credentials) can change the LDAP connection IP address to a system owned by the actor without knowledge
nvd
CVE-2018-20770P3CRITICALCVSS 9.8fixed in 073.060.048.150002019-02-10
CVE-2018-20770 [CRITICAL] CWE-89 CVE-2018-20770: An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices before R18-05 073.xxx.0487.15000. There is Blind SQL Injection.
nvd
CVE-2018-20767P3HIGHCVSS 8.8fixed in 073.060.048.150002019-02-10
CVE-2018-20767 [HIGH] CWE-20 CVE-2018-20767: An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices before R18-05 073.xxx.0487.15000. There is authenticated remote command execution.
nvd
CVE-2018-20768P3CRITICALCVSS 9.8fixed in 073.060.048.150002019-02-10
CVE-2018-20768 [CRITICAL] CWE-94 CVE-2018-20768: An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices before R18-05 073.xxx.0487.15000. An attacker can execute PHP code by leveraging a writable file.
nvd
CVE-2018-20769P3HIGHCVSS 7.5fixed in 073.060.048.150002019-02-10
CVE-2018-20769 [HIGH] CWE-22 CVE-2018-20769: An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices before R18-05 073.xxx.0487.15000. There is a Local File Inclusion vulnerability.
nvd
CVE-2020-36201P3HIGHCVSS 7.5fixed in 075.060.000.120102021-01-26
CVE-2020-36201 [HIGH] CWE-327 CVE-2020-36201: An issue was discovered in certain Xerox WorkCentre products. They do not properly encrypt passwords An issue was discovered in certain Xerox WorkCentre products. They do not properly encrypt passwords. This affects 3655, 3655i, 58XX, 58XXi 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices.
nvd
Xerox Workcentre 3655 Firmware vulnerabilities | cvebase