Vulnerabilities > Xerox > Workcentre 7970I Firmware > Critical

DATE CVE VULNERABILITY TITLE RISK
2020-04-29 CVE-2016-11061 OS Command Injection vulnerability in Xerox products
Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, and 7970i devices before 073.xxx.086.15410 do not properly escape parameters in the support/remoteUI/configrui.php script, which can allow an unauthenticated attacker to execute OS commands on the device.
network
low complexity
xerox CWE-78
critical
 9.8
9.8
2019-02-10 CVE-2018-20768 Code Injection vulnerability in Xerox products
An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices before R18-05 073.xxx.0487.15000.
network
low complexity
xerox CWE-94
critical
 9.8
9.8
2019-02-10 CVE-2018-20770 SQL Injection vulnerability in Xerox products
An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices before R18-05 073.xxx.0487.15000.
network
low complexity
xerox CWE-89
critical
 9.8
9.8
2019-02-10 CVE-2018-20771 Improper Input Validation vulnerability in Xerox products
An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices before R18-05 073.xxx.0487.15000.
network
low complexity
xerox CWE-20
critical
 9.8
9.8