Vulnerabilities > Xerox > Workcentre 3655I Firmware > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-04-29 | CVE-2016-11061 | OS Command Injection vulnerability in Xerox products Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, and 7970i devices before 073.xxx.086.15410 do not properly escape parameters in the support/remoteUI/configrui.php script, which can allow an unauthenticated attacker to execute OS commands on the device. | 9.8 |
2019-02-10 | CVE-2018-20768 | Code Injection vulnerability in Xerox products An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices before R18-05 073.xxx.0487.15000. | 9.8 |
2019-02-10 | CVE-2018-20770 | SQL Injection vulnerability in Xerox products An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices before R18-05 073.xxx.0487.15000. | 9.8 |
2019-02-10 | CVE-2018-20771 | Improper Input Validation vulnerability in Xerox products An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices before R18-05 073.xxx.0487.15000. | 9.8 |