VYPR
Unrated severityNVD Advisory· Published Dec 10, 2006· Updated Jun 16, 2026

CVE-2006-6427

CVE-2006-6427

Description

The Web User Interface in Xerox WorkCentre and WorkCentre Pro before 12.060.17.000, 13.x before 13.060.17.000, and 14.x before 14.060.17.000 allows remote attackers to execute arbitrary commands via unspecified vectors involving "command injection" in (1) the TCP/IP hostname, (2) Scan-to-mailbox folder names, and (3) certain parameters in the Microsoft Networking configuration. NOTE: vector 1 might be the same as CVE-2006-5290.

Affected products

7
  • Xerox/Workcentre7 versions
    cpe:2.3:h:xerox:workcentre:12.060.17.000:*:*:*:*:*:*:*+ 6 more
    • cpe:2.3:h:xerox:workcentre:12.060.17.000:*:*:*:*:*:*:*
    • cpe:2.3:h:xerox:workcentre:12.060.17.000:*:pro:*:*:*:*:*
    • cpe:2.3:h:xerox:workcentre:13.060.17.000:*:*:*:*:*:*:*
    • cpe:2.3:h:xerox:workcentre:13.060.17.000:*:pro:*:*:*:*:*
    • cpe:2.3:h:xerox:workcentre:14.060.17.000:*:*:*:*:*:*:*
    • cpe:2.3:h:xerox:workcentre:14.060.17.000:*:pro:*:*:*:*:*
    • (no CPE)range: <12.060.17.000 (12.x), <13.060.17.000 (13.x), <14.060.17.000 (14.x)

Patches

Vulnerability mechanics

References

7

News mentions

0

No linked articles in our index yet.