CVE-2019-13166
HIGH
Xerox Phaser 3320 Firmware V53.006.16.000 - Unauthenticated Brute Force Attack via Missing Account Lockout
Title source: llm
Description
Some Xerox printers (such as the Phaser 3320 V53.006.16.000) did not implement account lockout. Local account credentials may be extracted from the device via brute force guessing attacks.
References (2)
Core References
Vendor Advisory x_refsource_misc
https://security.business.xerox.com/
Third Party Advisory x_refsource_misc
https://www.nccgroup.trust/us/our-research/technical-advisory-multiple-vulnerabilities-in-xerox-printers/
Scores
CVSS v3
7.5
EPSS
0.0104
EPSS Percentile
59.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-307
Status
published
Products (1)
xerox/phaser_3320_firmware
v53.006.16.000
Published
Mar 13, 2020
Tracked Since
Feb 18, 2026