Command injection

2020-04-2922:15:00

PRIOn knowledge base

www.prio-n.com

7.8 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

60.8%

JSON

Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, and 7970i devices before 073.xxx.086.15410 do not properly escape parameters in the support/remoteUI/configrui.php script, which can allow an unauthenticated attacker to execute OS commands on the device.

CPENameOperatorVersion
workcentre_3655_firmwarelt073.060.086.15410
workcentre_3655i_firmwarelt073.060.086.15410
workcentre_5865_firmwarelt073.190.086.15410
workcentre_5865i_firmwarelt073.190.086.15410
workcentre_5875_firmwarelt073.190.086.15410
workcentre_5875i_firmwarelt073.190.086.15410
workcentre_5890_firmwarelt073.190.086.15410
workcentre_5890i_firmwarelt073.190.086.15410
workcentre_5945_firmwarelt073.091.086.15410
workcentre_5945i_firmwarelt073.091.086.15410

Name	Operator	Version
workcentre_3655_firmware	lt	073.060.086.15410
workcentre_3655i_firmware	lt	073.060.086.15410
workcentre_5865_firmware	lt	073.190.086.15410
workcentre_5865i_firmware	lt	073.190.086.15410
workcentre_5875_firmware	lt	073.190.086.15410
workcentre_5875i_firmware	lt	073.190.086.15410
workcentre_5890_firmware	lt	073.190.086.15410
workcentre_5890i_firmware	lt	073.190.086.15410
workcentre_5945_firmware	lt	073.091.086.15410
workcentre_5945i_firmware	lt	073.091.086.15410