CVE-2016-11061

CRITICAL

Xerox WorkCentre Multiple Models < 073.xxx.086.15410 - Unauthenticated OS Command Injection

Title source: llm
STIX 2.1

Description

Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, and 7970i devices before 073.xxx.086.15410 do not properly escape parameters in the support/remoteUI/configrui.php script, which can allow an unauthenticated attacker to execute OS commands on the device.

Scores

CVSS v3 9.8
EPSS 0.0199
EPSS Percentile 78.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-78
Status published
Products (25)
xerox/workcentre_3655_firmware < 073.060.086.15410
xerox/workcentre_3655i_firmware < 073.060.086.15410
xerox/workcentre_5865_firmware < 073.190.086.15410
xerox/workcentre_5865i_firmware < 073.190.086.15410
xerox/workcentre_5875_firmware < 073.190.086.15410
xerox/workcentre_5875i_firmware < 073.190.086.15410
xerox/workcentre_5890_firmware < 073.190.086.15410
xerox/workcentre_5890i_firmware < 073.190.086.15410
xerox/workcentre_5945_firmware < 073.091.086.15410
xerox/workcentre_5945i_firmware < 073.091.086.15410
... and 15 more
Published Apr 29, 2020
Tracked Since Feb 18, 2026