CVSS: 10.0EPSS: 0%CPEs: 50EXPL: 0CVE-2016-11061
https://notcve.org/view.php?id=CVE-2016-11061
Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, and 7970i devices before 073.xxx.086.15410 do not properly escape parameters in the support/remoteUI/configrui.php script, which can allow an unauthenticated attacker to execute OS commands on the device. Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970 y 7970i versiones anteriores a 073.xxx.086.15410, no escapan apropiadamente los parámetros en el script support/remoteUI/configrui.php, que puede permitir a un atacante no autenticado ejecutar comandos del Sistema Operativo sobre el dispositivo. • https://securitydocs.business.xerox.com/wp-content/uploads/2016/10/cert_Mini_Security_Bulletin_XRX16Q_for_ConnectKey_R16-05_v1-1-2.pdf • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •