cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2019-10881,https://securityvulnerability.io/vulnerability/CVE-2019-10881,Default hidden Privileged Account Vulnerability in multiple XEROX devices,"Xerox AltaLink B8045/B8055/B8065/B8075/B8090, AltaLink C8030/C8035/C8045/C8055/C8070 with software releases before 103.xxx.030.32000 includes two accounts with weak hard-coded passwords which can be exploited and allow unauthorized access which cannot be disabled.",Xerox,"Altalink B8045/b8055/b8065/b8075/b8090,Altalink C8030/c8035/c8045/c8055/c8070,Workcentre 3655,Workcentre 5845/5855/5865/5875/5890,Workcentre 5945/5955,Workcentre 6655,Workcentre 7220/7225,Workcentre 7830/7835/7845/7855,Workcentre 7970,Workcentre Ec7836/ec7856,Colorqube 9301/9302/9303,Colorqube 8700/8900,Workcentre 6400,Phaser 6700,Phaser 7800,Workcentre 5735/5740/5745/5755/5765/5775/5790,Workcentre 7525/7530/7535/7545/7556,Workcentre 7755/7765/7775",9.4,CRITICAL,0.0017800000496208668,false,,false,false,false,,,false,false,,2021-04-13T20:58:01.000Z,0
CVE-2020-36201,https://securityvulnerability.io/vulnerability/CVE-2020-36201,Encryption Vulnerability in Xerox WorkCentre Devices,"A significant security flaw has been identified in several Xerox WorkCentre products, where passwords are not encrypted properly. This vulnerability impacts multiple device models, posing a risk of unauthorized access and exposure of sensitive information. Users of the affected models should review their security settings and consider immediate updates or security measures to mitigate potential risks associated with this weakness.",Xerox,Workcentre 3655 Firmware,7.5,HIGH,0.002199999988079071,false,,false,false,false,,,false,false,,2021-01-26T18:15:00.000Z,0
CVE-2016-11061,https://securityvulnerability.io/vulnerability/CVE-2016-11061,Remote Command Execution Vulnerability in Xerox Multifunction Printers,"Certain models of Xerox WorkCentre multifunction printers have a vulnerability in the support/remoteUI/configrui.php script, allowing unauthenticated attackers to execute arbitrary OS commands on the devices. This issue arises due to insufficient sanitization of user input parameters, enabling potential exploitation without authentication. Affected models include various versions under the WorkCentre 3655, 58XX, 59XX, 6655, 72XX, 78XX, and 7970 series, underscoring the need for immediate updates to safeguard against unauthorized access.",Xerox,Workcentre 3655 Firmware,9.8,CRITICAL,0.002219999907538295,false,,false,false,false,,,false,false,,2020-04-29T21:23:30.000Z,0
CVE-2020-9330,https://securityvulnerability.io/vulnerability/CVE-2020-9330,LDAP Credential Exposure Risk in Xerox WorkCentre Printers,"Certain Xerox WorkCentre printers prior to version 073.xxx.000.02300 lack a mechanism to require revalidation of LDAP bind credentials when the LDAP connector IP address is altered. This flaw allows an attacker, who may exploit default credentials to gain access, to change the LDAP connection IP to a malicious server. Consequently, any subsequent authentication attempts would transmit plaintext LDAP credentials to the attacker. While these credentials may belong to non-privileged users, it is common practice for organizations to use service accounts with elevated privileges for LDAP binds, potentially affording attackers significant control over the Active Directory domain.",Xerox,Workcentre 3655 Firmware,8.8,HIGH,0.0016499999910593033,false,,false,false,false,,,false,false,,2020-02-21T22:47:12.000Z,0
CVE-2019-10880,https://securityvulnerability.io/vulnerability/CVE-2019-10880,OS Command Injection in Xerox Products,"A vulnerability exists within multiple Xerox products that allows an unauthenticated attacker to execute arbitrary commands on the underlying Linux system as the 'nobody' user. This can be triggered through a specially crafted HTTP request, exposing the device to potential unauthorized access and manipulation. The risk varies based on specific configurations, where some may not require authentication for exploitation. This underscores the importance of securing devices against such vulnerabilities and implementing robust access controls.",Xerox,"Altalink B8045/b8055/b8065/b8075/b8090,Altalink C8030/c8035/c8045/c8055/c8070,Workcentre 3655,Workcentre 5845/5855/5865/5875/5890,Workcentre 5945/5955,Workcentre 6655,Workcentre 7220/7225,Workcentre 7830/7835/7845/7855,Workcentre 7970,Workcentre Ec7836/ec7856,Colorqube 9301/9302/9303,Colorqube 8700/8900,Workcentre 6400,Phaser 6700,Phaser 7800,Workcentre 5735/5740/5745/5755/5765/5775/5790,Workcentre 7525/7530/7535/7545/7556,Workcentre 7755/7765/7775",9.8,CRITICAL,0.00279000005684793,false,,false,false,false,,,false,false,,2019-04-12T17:37:54.000Z,0