CVE-2016-11061
CRITICALXerox WorkCentre Multiple Models < 073.xxx.086.15410 - Unauthenticated OS Command Injection
Title source: llmDescription
Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, and 7970i devices before 073.xxx.086.15410 do not properly escape parameters in the support/remoteUI/configrui.php script, which can allow an unauthenticated attacker to execute OS commands on the device.
References (1)
Core 1
Core References
Scores
CVSS v3
9.8
EPSS
0.0199
EPSS Percentile
78.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-78
Status
published
Products (25)
xerox/workcentre_3655_firmware
< 073.060.086.15410
xerox/workcentre_3655i_firmware
< 073.060.086.15410
xerox/workcentre_5865_firmware
< 073.190.086.15410
xerox/workcentre_5865i_firmware
< 073.190.086.15410
xerox/workcentre_5875_firmware
< 073.190.086.15410
xerox/workcentre_5875i_firmware
< 073.190.086.15410
xerox/workcentre_5890_firmware
< 073.190.086.15410
xerox/workcentre_5890i_firmware
< 073.190.086.15410
xerox/workcentre_5945_firmware
< 073.091.086.15410
xerox/workcentre_5945i_firmware
< 073.091.086.15410
... and 15 more
Published
Apr 29, 2020
Tracked Since
Feb 18, 2026