cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-12511,https://securityvulnerability.io/vulnerability/CVE-2024-12511,Weakness in Xerox Printer SMB/FTP Configuration Management,"A security vulnerability in Xerox printers allows unauthorized modification of SMB and FTP settings through address book access. This can lead to redirected scans and the potential capture of sensitive credentials. The issue necessitates that scanning features and printer access are enabled, creating an exploit vector for malicious actors. Ensuring proper configuration and access controls is critical for safeguarding sensitive data.",Xerox,"Versalink B400,Versalink B405,Versalink C400,Versalink C405,Versalink B600/b610,Versalink B605/b615,Versalink C500/c600,Versalink C505/c605,Versalink C7000,Versalink C7020/c7025/c7030,Versalink B7025/b7030/b7035,Versalink B7125/b7130/b7135,Versalink C7120/c7125/c7130,Versalink C8000/c9000,Versalink C8000w,Phaser 6510,Workcentre 6515",7.6,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-03T19:23:52.125Z,0
CVE-2024-12510,https://securityvulnerability.io/vulnerability/CVE-2024-12510,LDAP Authentication Bypass in Xerox Products,"An LDAP configuration issue in certain Xerox printers may allow an attacker with admin access to redirect authentication requests to a malicious server, thereby risking exposure of sensitive credentials. This vulnerability necessitates an active LDAP setup and access to the admin interface, emphasizing the importance of proper configuration and access control.",Xerox,"Versalink B400,Versalink B405,Versalink C400,Versalink C405,Versalink B600/b610,Versalink B605/b615,Versalink C500/c600,Versalink C505/c605,Versalink C7000,Versalink C7020/c7025/c7030,Versalink B7025/b7030/b7035,Versalink B7125/b7130/b7135,Versalink C7120/c7125/c7130,Versalink C8000/c9000,Versalink C8000w,Phaser 6510,Workcentre 6515",6.7,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,true,false,,2025-02-03T18:52:16.942Z,4157
CVE-2024-6333,https://securityvulnerability.io/vulnerability/CVE-2024-6333,"Remote Code Execution Vulnerability in Xerox Altalink, Versalink, and WorkCentre Products","A severe vulnerability has been identified in Xerox Altalink, Versalink, and WorkCentre products, allowing authenticated users to execute arbitrary code remotely. This could result in unauthorized access and potential system compromise. Users and administrators are advised to review the official security bulletin from Xerox to understand the implications and apply necessary updates to safeguard their environments.",Xerox,"Altalink® B8045 / B8055 / B8065 / B8075 / B8090 | C8030 / C8035 / C8045 / C8055 / C807,Xerox® Ec8036 / Ec8056,Xerox® Ec8036 / Ec8056 - Common Criteria (june 2022),Xerox® Ec8036 / Ec8056 - Common Criteria (june 2024),Altalink®c8130 / C8135 / C8145 / C8155 / C8170 | B8145 / B8155 / B8170 Common Criteria (aug 2024),Altalink® C8130 / C8135 / C8145 / C8155 / C8170 | B8145 / B8155 / B8170 Common Criteria Certified (aug 2023),Versalink® B625 / C625 | B425 / C425 Common Criteria Certified (2024),Workcentre 3655/3655i,Workcentre 5945/55i,Workcentre 6655/6655i,Workcentre 7220/7225i,Workcentre 7830/7835i,Workcentre 7845/7855i,Workcentre 7845/7855 (ibg),Workcentre 7970/7970i,Workcentre Ec7836,Workcentre Ec7856",7.2,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-10-17T13:51:16.011Z,0
CVE-2022-45897,https://securityvulnerability.io/vulnerability/CVE-2022-45897,Authenticated Access Vulnerability in Xerox WorkCentre 3550,"An authenticated access vulnerability exists in the Xerox WorkCentre 3550, specifically on version 25.003.03.000. This flaw allows an attacker with legitimate credentials to access the SMB server settings of the device, potentially exposing sensitive information such as stored cleartext credentials. Exploitation of this vulnerability may lead to unauthorized access to critical configuration details, compromising the security of the entire network.",Xerox,Workcentre 3550 Firmware,6.5,MEDIUM,0.0006300000241026282,false,,false,false,false,,,false,false,,2023-01-31T00:15:00.000Z,0
CVE-2019-10881,https://securityvulnerability.io/vulnerability/CVE-2019-10881,Default hidden Privileged Account Vulnerability in multiple XEROX devices,"Xerox AltaLink B8045/B8055/B8065/B8075/B8090, AltaLink C8030/C8035/C8045/C8055/C8070 with software releases before 103.xxx.030.32000 includes two accounts with weak hard-coded passwords which can be exploited and allow unauthorized access which cannot be disabled.",Xerox,"Altalink B8045/b8055/b8065/b8075/b8090,Altalink C8030/c8035/c8045/c8055/c8070,Workcentre 3655,Workcentre 5845/5855/5865/5875/5890,Workcentre 5945/5955,Workcentre 6655,Workcentre 7220/7225,Workcentre 7830/7835/7845/7855,Workcentre 7970,Workcentre Ec7836/ec7856,Colorqube 9301/9302/9303,Colorqube 8700/8900,Workcentre 6400,Phaser 6700,Phaser 7800,Workcentre 5735/5740/5745/5755/5765/5775/5790,Workcentre 7525/7530/7535/7545/7556,Workcentre 7755/7765/7775",9.4,CRITICAL,0.0017800000496208668,false,,false,false,false,,,false,false,,2021-04-13T20:58:01.000Z,0
CVE-2020-36201,https://securityvulnerability.io/vulnerability/CVE-2020-36201,Encryption Vulnerability in Xerox WorkCentre Devices,"A significant security flaw has been identified in several Xerox WorkCentre products, where passwords are not encrypted properly. This vulnerability impacts multiple device models, posing a risk of unauthorized access and exposure of sensitive information. Users of the affected models should review their security settings and consider immediate updates or security measures to mitigate potential risks associated with this weakness.",Xerox,Workcentre 3655 Firmware,7.5,HIGH,0.002199999988079071,false,,false,false,false,,,false,false,,2021-01-26T18:15:00.000Z,0
CVE-2020-26162,https://securityvulnerability.io/vulnerability/CVE-2020-26162,Cross-Site Scripting Vulnerability in Xerox WorkCentre Devices,"Xerox WorkCentre EC7836 and EC7856 devices before specified firmware versions are susceptible to a Cross-Site Scripting (XSS) vulnerability. This issue arises from insufficient validation of user input on Description pages, which could allow attackers to inject malicious scripts. Exploitation of this vulnerability could lead to unauthorized actions performed in the context of an affected user's session, posing significant risks to data integrity and confidentiality.",Xerox,Workcentre Ec7836 Firmware,6.1,MEDIUM,0.0008399999933317304,false,,false,false,false,,,false,false,,2020-10-09T06:42:29.000Z,0
CVE-2016-11061,https://securityvulnerability.io/vulnerability/CVE-2016-11061,Remote Command Execution Vulnerability in Xerox Multifunction Printers,"Certain models of Xerox WorkCentre multifunction printers have a vulnerability in the support/remoteUI/configrui.php script, allowing unauthenticated attackers to execute arbitrary OS commands on the devices. This issue arises due to insufficient sanitization of user input parameters, enabling potential exploitation without authentication. Affected models include various versions under the WorkCentre 3655, 58XX, 59XX, 6655, 72XX, 78XX, and 7970 series, underscoring the need for immediate updates to safeguard against unauthorized access.",Xerox,Workcentre 3655 Firmware,9.8,CRITICAL,0.002219999907538295,false,,false,false,false,,,false,false,,2020-04-29T21:23:30.000Z,0
CVE-2020-9330,https://securityvulnerability.io/vulnerability/CVE-2020-9330,LDAP Credential Exposure Risk in Xerox WorkCentre Printers,"Certain Xerox WorkCentre printers prior to version 073.xxx.000.02300 lack a mechanism to require revalidation of LDAP bind credentials when the LDAP connector IP address is altered. This flaw allows an attacker, who may exploit default credentials to gain access, to change the LDAP connection IP to a malicious server. Consequently, any subsequent authentication attempts would transmit plaintext LDAP credentials to the attacker. While these credentials may belong to non-privileged users, it is common practice for organizations to use service accounts with elevated privileges for LDAP binds, potentially affording attackers significant control over the Active Directory domain.",Xerox,Workcentre 3655 Firmware,8.8,HIGH,0.0016499999910593033,false,,false,false,false,,,false,false,,2020-02-21T22:47:12.000Z,0
CVE-2019-10880,https://securityvulnerability.io/vulnerability/CVE-2019-10880,OS Command Injection in Xerox Products,"A vulnerability exists within multiple Xerox products that allows an unauthenticated attacker to execute arbitrary commands on the underlying Linux system as the 'nobody' user. This can be triggered through a specially crafted HTTP request, exposing the device to potential unauthorized access and manipulation. The risk varies based on specific configurations, where some may not require authentication for exploitation. This underscores the importance of securing devices against such vulnerabilities and implementing robust access controls.",Xerox,"Altalink B8045/b8055/b8065/b8075/b8090,Altalink C8030/c8035/c8045/c8055/c8070,Workcentre 3655,Workcentre 5845/5855/5865/5875/5890,Workcentre 5945/5955,Workcentre 6655,Workcentre 7220/7225,Workcentre 7830/7835/7845/7855,Workcentre 7970,Workcentre Ec7836/ec7856,Colorqube 9301/9302/9303,Colorqube 8700/8900,Workcentre 6400,Phaser 6700,Phaser 7800,Workcentre 5735/5740/5745/5755/5765/5775/5790,Workcentre 7525/7530/7535/7545/7556,Workcentre 7755/7765/7775",9.8,CRITICAL,0.00279000005684793,false,,false,false,false,,,false,false,,2019-04-12T17:37:54.000Z,0
CVE-2018-20771,https://securityvulnerability.io/vulnerability/CVE-2018-20771,,"An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices before R18-05 073.xxx.0487.15000. There is unauthenticated Remote Command Execution.",Xerox,Workcentre 3655i Firmware,9.8,CRITICAL,0.005669999867677689,false,,false,false,false,,,false,false,,2019-02-10T17:29:00.000Z,0
CVE-2018-20767,https://securityvulnerability.io/vulnerability/CVE-2018-20767,,"An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices before R18-05 073.xxx.0487.15000. There is authenticated remote command execution.",Xerox,Workcentre 3655i Firmware,8.8,HIGH,0.0015899999998509884,false,,false,false,false,,,false,false,,2019-02-10T17:29:00.000Z,0
CVE-2018-20769,https://securityvulnerability.io/vulnerability/CVE-2018-20769,,"An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices before R18-05 073.xxx.0487.15000. There is a Local File Inclusion vulnerability.",Xerox,Workcentre 3655i Firmware,7.5,HIGH,0.00171999994199723,false,,false,false,false,,,false,false,,2019-02-10T17:29:00.000Z,0
CVE-2018-20770,https://securityvulnerability.io/vulnerability/CVE-2018-20770,,"An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices before R18-05 073.xxx.0487.15000. There is Blind SQL Injection.",Xerox,Workcentre 3655i Firmware,9.8,CRITICAL,0.0013800000306218863,false,,false,false,false,,,false,false,,2019-02-10T17:29:00.000Z,0
CVE-2018-20768,https://securityvulnerability.io/vulnerability/CVE-2018-20768,,"An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices before R18-05 073.xxx.0487.15000. An attacker can execute PHP code by leveraging a writable file.",Xerox,Workcentre 3655i Firmware,9.8,CRITICAL,0.0023399998899549246,false,,false,false,false,,,false,false,,2019-02-10T17:29:00.000Z,0
CVE-2010-0549,https://securityvulnerability.io/vulnerability/CVE-2010-0549,,"Unspecified vulnerability in the Network Controller in Xerox WorkCentre 6400 System Software 060.070.109.11407 through 060.070.109.29510, and Net Controller 060.079.11410 through 060.079.29310, allows remote attackers to access ""directory structure"" via a crafted PostScript file, aka ""Unauthorized Directory Structure Access Vulnerability.""",Xerox,"Workcentre 6400 System Software,Workcentre 6400 Net Controller",,,0.0035800000187009573,false,,false,false,false,,,false,false,,2010-02-04T20:15:00.000Z,0
CVE-2010-0548,https://securityvulnerability.io/vulnerability/CVE-2010-0548,,"Multiple unspecified vulnerabilities in the Network Controller and Web Server in Xerox WorkCentre 5632, 5638, 5645, 5655, 5665, 5675, and 5687 allow remote attackers to (1) access mailboxes via unknown vectors that bypass Scan to Mailbox authorization or (2) read device configuration information via via unknown vectors that bypass web server authorization.",Xerox,"Workcentre 5675,Workcentre 5638,Workcentre 5655,Workcentre 5665,Workcentre 5687,Workcentre 5645,Workcentre 5632",,,0.002520000096410513,false,,false,false,false,,,false,false,,2010-02-04T20:15:00.000Z,0
CVE-2009-1656,https://securityvulnerability.io/vulnerability/CVE-2009-1656,,"Xerox WorkCentre and WorkCentre Pro 232, 238, 245, 255, 265, 275; and WorkCentre 5632, 5638, 5645, 5655, 5665, 5675, 5687, 7655, 7656, and 7675 allows remote attackers to execute arbitrary commands via unknown attack vectors, aka ""command injection vulnerability.""",Xerox,Workcentre,,,0.010929999873042107,false,,false,false,false,,,false,false,,2009-05-16T18:00:00.000Z,0
CVE-2008-6436,https://securityvulnerability.io/vulnerability/CVE-2008-6436,,"Cross-site scripting (XSS) vulnerability in the Web Server in Xerox WorkCentre 7132, 7228, 7235, and 7245 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.",Xerox,Workcentre,,,0.00279000005684793,false,,false,false,false,,,false,false,,2009-03-06T18:00:00.000Z,0
CVE-2008-2825,https://securityvulnerability.io/vulnerability/CVE-2008-2825,,"Cross-site scripting (XSS) vulnerability in the embedded Web Server in Xerox WorkCentre M123, M128, and 133 and WorkCentre Pro 123, 128, and 133 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.",Xerox,Workcentre,,,0.0020200000144541264,false,,false,false,false,,,false,false,,2008-06-23T17:00:00.000Z,0
CVE-2008-2824,https://securityvulnerability.io/vulnerability/CVE-2008-2824,,"Unspecified vulnerability in the Extensible Interface Platform in Web Services in Xerox WorkCentre 7655, 7665, and 7675 allows remote attackers to make configuration changes via unknown vectors.",Xerox,Workcentre,,,0.016370000317692757,false,,false,false,false,,,false,false,,2008-06-23T17:00:00.000Z,0
CVE-2006-6472,https://securityvulnerability.io/vulnerability/CVE-2006-6472,,"The httpd.conf file in Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 configures port 443 to be always active, which has unknown impact and remote attack vectors.",Xerox,Workcentre,,,0.0031799999997019768,false,,false,false,false,,,false,false,,2006-12-11T18:28:00.000Z,0
CVE-2006-6473,https://securityvulnerability.io/vulnerability/CVE-2006-6473,,"Multiple unspecified vulnerabilities in Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 have unknown impact and attack vectors, related to (1) an Immediate Image Overwrite (IIO) error message at the Local User Interface (LUI) if overwrite fails, (2) an IIO failure when a Held Job is deleted, and (3) an On Demand Image Overwrite failure when the overwrite is greater than 2 Gb.",Xerox,Workcentre,,,0.0030400000978261232,false,,false,false,false,,,false,false,,2006-12-11T18:28:00.000Z,0
CVE-2006-6468,https://securityvulnerability.io/vulnerability/CVE-2006-6468,,"Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 do not check the Fully Qualified Domain Name (FQDN) during a ""Validate Repository SSL Certificate"" scan, which has unknown impact and attack vectors, possibly related to spoofed certificates.",Xerox,Workcentre,,,0.0006600000197067857,false,,false,false,false,,,false,false,,2006-12-11T18:28:00.000Z,0
CVE-2006-6470,https://securityvulnerability.io/vulnerability/CVE-2006-6470,,"The SNMP Agent in Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 returns no error for a non-writable object, which has unknown impact and attack vectors.  NOTE: due to the vagueness of the advisory, it is not clear whether this is a vulnerability, or a bug in a security feature.",Xerox,Workcentre,,,0.0031799999997019768,false,,false,false,false,,,false,false,,2006-12-11T18:28:00.000Z,0