CVE-2020-36201

HIGH

Xerox WorkCentre Multiple Models Firmware - Weak Cryptographic Algorithm

Title source: llm

Description

An issue was discovered in certain Xerox WorkCentre products. They do not properly encrypt passwords. This affects 3655, 3655i, 58XX, 58XXi 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices.

References (1)

Core 1

Core References

Patch, Vendor Advisory x_refsource_misc

https://securitydocs.business.xerox.com/wp-content/uploads/2020/06/cert_Security_Mini_Bulletin_XRX20L_for_ConnectKey-1.pdf

Scores

CVSS v3 7.5

EPSS 0.0080

EPSS Percentile 51.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-327

Status published

Products (30)

xerox/workcentre_3655_firmware < 075.060.000.12010

xerox/workcentre_3655i_firmware < 075.060.000.12010

xerox/workcentre_5865_firmware < 075.190.010.12010

xerox/workcentre_5865i_firmware < 075.190.010.12010

xerox/workcentre_5875_firmware < 075.190.010.12010

xerox/workcentre_5875i_firmware < 075.190.010.12010

xerox/workcentre_5890_firmware < 075.190.010.12010

xerox/workcentre_5890i_firmware < 075.190.010.12010

xerox/workcentre_5945_firmware < 075.091.010.12010

xerox/workcentre_5945i_firmware < 075.091.010.12010

... and 20 more

Published Jan 26, 2021

Tracked Since Feb 18, 2026