Authentication Bypass and Arbitrary Code Execution in Xerox WorkCentre Devices
CVE-2006-5290

Currently unrated

Key Information:

Vendor
Xerox
CVE Published:
13 October 2006

Summary

Xerox WorkCentre devices, including models 232, 238, 245, 255, 265, and 275, are susceptible to an authentication bypass vulnerability. Remote attackers can exploit a command injection in the WebUI via the TCP/IP hostname, potentially leading to execution of arbitrary code. This risk underscores the importance of securing administrative interfaces and keeping firmware updated.

Timeline

  • Vulnerability published

  • Vulnerability Reserved
