3 results (0.002 seconds)

CVSS: 7.8EPSS: 0%CPEs: 22EXPL: 1

Xerox VersaLink devices on specific versions of firmware before 2022-01-26 allow remote attackers to brick the device via a crafted TIFF file in an unauthenticated HTTP POST request. There is a permanent denial of service because image parsing causes a reboot, but image parsing is restarted as soon as the boot process finishes. However, this boot loop can be resolved by a field technician. The TIFF file must have an incomplete Image Directory. Affected firmware versions include xx.42.01 and xx.50.61. • https://neosmart.net/blog/2022/xerox-vulnerability-allows-unauthenticated-network-users-to-remotely-brick-printers https://twitter.com/mqudsi/status/1485756915187695618 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •

CVSS: 9.8EPSS: 0%CPEs: 94EXPL: 0

Xerox Phaser 6510 before 64.65.51 and 64.59.11 (Bridge), WorkCentre 6515 before 65.65.51 and 65.59.11 (Bridge), VersaLink B400 before 37.65.51 and 37.59.01 (Bridge), B405 before 38.65.51 and 38.59.01 (Bridge), B600/B610 before 32.65.51 and 32.59.01 (Bridge), B605/B615 before 33.65.51 and 33.59.01 (Bridge), B7025/30/35 before 58.65.51 and 58.59.11 (Bridge), C400 before 67.65.51 and 67.59.01 (Bridge), C405 before 68.65.51 and 68.59.01 (Bridge), C500/C600 before 61.65.51 and 61.59.01 (Bridge), C505/C605 before 62.65.51 and 62.59.01 (Bridge), C7000 before 56.65.51 and 56.59.01 (Bridge), C7020/25/30 before 57.65.51 and 57.59.01 (Bridge), C8000/C9000 before 70.65.51 and 70.59.01 (Bridge), C8000W before 72.65.51 have a remote Command Execution vulnerability in the Web User Interface that allows remote attackers with "a weaponized clone file" to execute arbitrary commands. Xerox Phaser 6510 versiones anteriores a 64.65.51 y 64.59.11 (Bridge), WorkCentre 6515 versiones anteriores a 65.65.51 y 65.59.11 (Bridge), VersaLink B400 versiones anteriores a 37.65.51 y 37.59.01 (Bridge), B405 versiones anteriores a 38.65.51 y 38.59 .01 (Bridge), B600/B610 versiones anteriores a 32.65.51 y 32.59.01 (Bridge), B605/B615 versiones anteriores a 33.65.51 y 33.59.01 (Bridge), B7025/30/35 versiones anteriores a 58.65.51 y 58.59.11 ( Bridge), C400 versiones anteriores a 67.65.51 y 67.59.01 (Bridge), C405 versiones anteriores a 68.65.51 y 68.59.01 (Bridge), C500/C600 versiones anteriores a 61.65.51 y 61.59.01 (Bridge), C505/C605 versiones anteriores a 62.65. 51 y 62.59.01 (Bridge), C7000 versiones anteriores a 56.65.51 y 56.59.01 (Bridge), C7020/25/30 versiones anteriores a 57.65.51 y 57.59.01 (Bridge), C8000/C9000 versiones anteriores a 70.65.51 y 70.59.01 (Bridge), C8000W versiones anteriores a 72.65.51, presentan una vulnerabilidad de ejecución de comandos remota en la interfaz de usuario web que permite a atacantes remotos con "a weaponized clone file" ejecutar comandos arbitrarios • https://securitydocs.business.xerox.com/wp-content/uploads/2021/03/cert_Security_Mini_Bulletin_XRX21D_for_PH6510_WC6515_VersaLink-1.pdf •

CVSS: 9.8EPSS: 0%CPEs: 94EXPL: 0

Xerox Phaser 6510 before 64.65.51 and 64.59.11 (Bridge), WorkCentre 6515 before 65.65.51 and 65.59.11 (Bridge), VersaLink B400 before 37.65.51 and 37.59.01 (Bridge), B405 before 38.65.51 and 38.59.01 (Bridge), B600/B610 before 32.65.51 and 32.59.01 (Bridge), B605/B615 before 33.65.51 and 33.59.01 (Bridge), B7025/30/35 before 58.65.51 and 58.59.11 (Bridge), C400 before 67.65.51 and 67.59.01 (Bridge), C405 before 68.65.51 and 68.59.01 (Bridge), C500/C600 before 61.65.51 and 61.59.01 (Bridge), C505/C605 before 62.65.51 and 62.59.01 (Bridge), C7000 before 56.65.51 and 56.59.01 (Bridge), C7020/25/30 before 57.65.51 and 57.59.01 (Bridge), C8000/C9000 before 70.65.51 and 70.59.01 (Bridge), C8000W before 72.65.51 allows remote attackers to execute arbitrary code through a buffer overflow in Web page parameter handling. Xerox Phaser 6510 versiones anteriores a 64.65.51 y 64.59.11 (Bridge), WorkCentre 6515 versiones anteriores a 65.65.51 y 65.59.11 (Bridge), VersaLink B400 versiones anteriores a 37.65.51 y 37.59.01 (Bridge), B405 versiones anteriores a 38.65.51 y 38.59 .01 (Bridge), B600/B610 versiones anteriores a 32.65.51 y 32.59.01 (Bridge), B605/B615 versiones anteriores a 33.65.51 y 33.59.01 (Bridge), B7025/30/35 versiones anteriores a 58.65.51 y 58.59.11 ( Bridge), C400 versiones anteriores a 67.65.51 y 67.59.01 (Bridge), C405 versiones anteriores a 68.65.51 y 68.59.01 (Bridge), C500/C600 versiones anteriores a 61.65.51 y 61.59.01 (Bridge), C505/C605 versiones anteriores a 62.65. 51 y 62.59.01 (Bridge), C7000 versiones anteriores a 56.65.51 y 56.59.01 (Bridge), C7020/25/30 versiones anteriores a 57.65.51 y 57.59.01 (Bridge), C8000/C9000 versiones anteriores a 70.65.51 y 70.59.01 (Bridge), C8000W versiones anteriores a 72.65.51, permite a atacantes remotos ejecutar código arbitrario por medio de un desbordamiento del búfer en el manejo de parámetros de la página Web • https://securitydocs.business.xerox.com/wp-content/uploads/2021/03/cert_Security_Mini_Bulletin_XRX21D_for_PH6510_WC6515_VersaLink-1.pdf • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •