Phaser
by Xerox
CVEs (15)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2008-3571 | 0.06 | — | 0.36 | Aug 10, 2008 | The Xerox Phaser 8400 allows remote attackers to cause a denial of service (reboot) via an empty UDP packet to port 1900. | |||
| CVE-2021-37354 | 0.00 | — | 0.01 | Feb 15, 2022 | Xerox Phaser 4622 v35.013.01.000 was discovered to contain a buffer overflow in the function sub_3226AC via the TIMEZONE variable. This vulnerability allows attackers to cause a Denial of Service (DoS) via crafted overflow data. | |||
| CVE-2019-10881 | 0.00 | — | 0.01 | Apr 13, 2021 | Xerox AltaLink B8045/B8055/B8065/B8075/B8090, AltaLink C8030/C8035/C8045/C8055/C8070 with software releases before 103.xxx.030.32000 includes two accounts with weak hard-coded passwords which can be exploited and allow unauthorized access which cannot be disabled. | |||
| CVE-2021-28671 | 0.00 | — | 0.03 | Mar 29, 2021 | Xerox Phaser 6510 before 64.65.51 and 64.59.11 (Bridge), WorkCentre 6515 before 65.65.51 and 65.59.11 (Bridge), VersaLink B400 before 37.65.51 and 37.59.01 (Bridge), B405 before 38.65.51 and 38.59.01 (Bridge), B600/B610 before 32.65.51 and 32.59.01 (Bridge), B605/B615 before… | |||
| CVE-2021-28672 | 0.00 | — | 0.02 | Mar 29, 2021 | Xerox Phaser 6510 before 64.65.51 and 64.59.11 (Bridge), WorkCentre 6515 before 65.65.51 and 65.59.11 (Bridge), VersaLink B400 before 37.65.51 and 37.59.01 (Bridge), B405 before 38.65.51 and 38.59.01 (Bridge), B600/B610 before 32.65.51 and 32.59.01 (Bridge), B605/B615 before… | |||
| CVE-2021-28673 | 0.00 | — | 0.02 | Mar 29, 2021 | Xerox Phaser 6510 before 64.61.23 and 64.59.11 (Bridge), WorkCentre 6515 before 65.61.23 and 65.59.11 (Bridge), VersaLink B400 before 37.61.23 and 37.59.01 (Bridge), B405 before 38.61.23 and 38.59.01 (Bridge), B600/B610 before 32.61.23 and 32.59.01 (Bridge), B605/B615 before… | |||
| CVE-2019-13165 | 0.00 | — | 0.03 | Mar 13, 2020 | Some Xerox printers (such as the Phaser 3320 V53.006.16.000) were affected by a buffer overflow vulnerability in the request parser of the IPP service. This would allow an unauthenticated attacker to cause a Denial of Service (DoS) and potentially execute arbitrary code on the… | |||
| CVE-2019-13166 | 0.00 | — | 0.01 | Mar 13, 2020 | Some Xerox printers (such as the Phaser 3320 V53.006.16.000) did not implement account lockout. Local account credentials may be extracted from the device via brute force guessing attacks. | |||
| CVE-2019-13167 | 0.00 | — | 0.01 | Mar 13, 2020 | Multiple Stored XSS vulnerabilities were found in the Xerox Web Application, used by the Phaser 3320 V53.006.16.000 and other printers. Successful exploitation of this vulnerability can lead to session hijacking of the administrator in the web application or the execution of… | |||
| CVE-2019-13168 | 0.00 | — | 0.03 | Mar 13, 2020 | Some Xerox printers (such as the Phaser 3320 V53.006.16.000) were affected by a buffer overflow vulnerability in the attributes parser of the IPP service. This would allow an unauthenticated attacker to cause a Denial of Service (DoS) and potentially execute arbitrary code on… | |||
| CVE-2019-13169 | 0.00 | — | 0.03 | Mar 13, 2020 | Some Xerox printers (such as the Phaser 3320 V53.006.16.000) were affected by a buffer overflow vulnerability in the Content-Type HTTP Header of the web application that would allow an attacker to execute arbitrary code on the device. | |||
| CVE-2019-13170 | 0.00 | — | 0.00 | Mar 13, 2020 | Some Xerox printers (such as the Phaser 3320 V53.006.16.000) did not implement any mechanism to avoid CSRF attacks. Successful exploitation of this vulnerability can lead to the takeover of a local account on the device. | |||
| CVE-2019-13171 | 0.00 | — | 0.03 | Mar 13, 2020 | Some Xerox printers (such as the Phaser 3320 V53.006.16.000) were affected by one or more stack-based buffer overflow vulnerabilities in the Google Cloud Print implementation that would allow an unauthenticated attacker to execute arbitrary code on the device. This was caused by… | |||
| CVE-2019-13172 | 0.00 | — | 0.03 | Mar 13, 2020 | Some Xerox printers (such as the Phaser 3320 V53.006.16.000) were affected by a buffer overflow vulnerability in the Authentication Cookie of the web application that would allow an attacker to execute arbitrary code on the device. | |||
| CVE-2019-10880 | 0.00 | — | 0.08 | Apr 12, 2019 | Within multiple XEROX products a vulnerability allows remote command execution on the Linux system, as the "nobody" user through a crafted "HTTP" request (OS Command Injection vulnerability in the HTTP interface). Depending upon configuration authentication may not be necessary. |
- CVE-2008-3571Aug 10, 2008risk 0.06cvss —epss 0.36
The Xerox Phaser 8400 allows remote attackers to cause a denial of service (reboot) via an empty UDP packet to port 1900.
- CVE-2021-37354Feb 15, 2022risk 0.00cvss —epss 0.01
Xerox Phaser 4622 v35.013.01.000 was discovered to contain a buffer overflow in the function sub_3226AC via the TIMEZONE variable. This vulnerability allows attackers to cause a Denial of Service (DoS) via crafted overflow data.
- CVE-2019-10881Apr 13, 2021risk 0.00cvss —epss 0.01
Xerox AltaLink B8045/B8055/B8065/B8075/B8090, AltaLink C8030/C8035/C8045/C8055/C8070 with software releases before 103.xxx.030.32000 includes two accounts with weak hard-coded passwords which can be exploited and allow unauthorized access which cannot be disabled.
- CVE-2021-28671Mar 29, 2021risk 0.00cvss —epss 0.03
Xerox Phaser 6510 before 64.65.51 and 64.59.11 (Bridge), WorkCentre 6515 before 65.65.51 and 65.59.11 (Bridge), VersaLink B400 before 37.65.51 and 37.59.01 (Bridge), B405 before 38.65.51 and 38.59.01 (Bridge), B600/B610 before 32.65.51 and 32.59.01 (Bridge), B605/B615 before…
- CVE-2021-28672Mar 29, 2021risk 0.00cvss —epss 0.02
Xerox Phaser 6510 before 64.65.51 and 64.59.11 (Bridge), WorkCentre 6515 before 65.65.51 and 65.59.11 (Bridge), VersaLink B400 before 37.65.51 and 37.59.01 (Bridge), B405 before 38.65.51 and 38.59.01 (Bridge), B600/B610 before 32.65.51 and 32.59.01 (Bridge), B605/B615 before…
- CVE-2021-28673Mar 29, 2021risk 0.00cvss —epss 0.02
Xerox Phaser 6510 before 64.61.23 and 64.59.11 (Bridge), WorkCentre 6515 before 65.61.23 and 65.59.11 (Bridge), VersaLink B400 before 37.61.23 and 37.59.01 (Bridge), B405 before 38.61.23 and 38.59.01 (Bridge), B600/B610 before 32.61.23 and 32.59.01 (Bridge), B605/B615 before…
- CVE-2019-13165Mar 13, 2020risk 0.00cvss —epss 0.03
Some Xerox printers (such as the Phaser 3320 V53.006.16.000) were affected by a buffer overflow vulnerability in the request parser of the IPP service. This would allow an unauthenticated attacker to cause a Denial of Service (DoS) and potentially execute arbitrary code on the…
- CVE-2019-13166Mar 13, 2020risk 0.00cvss —epss 0.01
Some Xerox printers (such as the Phaser 3320 V53.006.16.000) did not implement account lockout. Local account credentials may be extracted from the device via brute force guessing attacks.
- CVE-2019-13167Mar 13, 2020risk 0.00cvss —epss 0.01
Multiple Stored XSS vulnerabilities were found in the Xerox Web Application, used by the Phaser 3320 V53.006.16.000 and other printers. Successful exploitation of this vulnerability can lead to session hijacking of the administrator in the web application or the execution of…
- CVE-2019-13168Mar 13, 2020risk 0.00cvss —epss 0.03
Some Xerox printers (such as the Phaser 3320 V53.006.16.000) were affected by a buffer overflow vulnerability in the attributes parser of the IPP service. This would allow an unauthenticated attacker to cause a Denial of Service (DoS) and potentially execute arbitrary code on…
- CVE-2019-13169Mar 13, 2020risk 0.00cvss —epss 0.03
Some Xerox printers (such as the Phaser 3320 V53.006.16.000) were affected by a buffer overflow vulnerability in the Content-Type HTTP Header of the web application that would allow an attacker to execute arbitrary code on the device.
- CVE-2019-13170Mar 13, 2020risk 0.00cvss —epss 0.00
Some Xerox printers (such as the Phaser 3320 V53.006.16.000) did not implement any mechanism to avoid CSRF attacks. Successful exploitation of this vulnerability can lead to the takeover of a local account on the device.
- CVE-2019-13171Mar 13, 2020risk 0.00cvss —epss 0.03
Some Xerox printers (such as the Phaser 3320 V53.006.16.000) were affected by one or more stack-based buffer overflow vulnerabilities in the Google Cloud Print implementation that would allow an unauthenticated attacker to execute arbitrary code on the device. This was caused by…
- CVE-2019-13172Mar 13, 2020risk 0.00cvss —epss 0.03
Some Xerox printers (such as the Phaser 3320 V53.006.16.000) were affected by a buffer overflow vulnerability in the Authentication Cookie of the web application that would allow an attacker to execute arbitrary code on the device.
- CVE-2019-10880Apr 12, 2019risk 0.00cvss —epss 0.08
Within multiple XEROX products a vulnerability allows remote command execution on the Linux system, as the "nobody" user through a crafted "HTTP" request (OS Command Injection vulnerability in the HTTP interface). Depending upon configuration authentication may not be necessary.