Remote Code Execution Vulnerability in Xerox Printers and Multifunction Devices
CVE-2021-28673

9.8CRITICAL

Key Information:

Vendor: Xerox
Status: Phaser 6510 Firmware
Vendor: CVE Published:; 29 March 2021

Summary

A remote code execution vulnerability has been identified in various Xerox printers and multifunction devices. This flaw allows attackers to exploit the Web User Interface using a specially crafted clone file, enabling them to execute arbitrary commands remotely. It is crucial for users to apply the latest firmware updates to protect their devices from potential exploitation.

References

https://securitydocs.business.xerox.com/wp-content/upload...

x_refsource_CONFIRM

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 29, 2021
Vulnerability Reserved
Mar 18, 2021