Workcentre_ec7836_firmware - Vulncode-DB

Note:

This project will be discontinued after December 13, 2021. [more]

Product:
Workcentre_ec7836_firmware
(Xerox)

Repositories	Unknown: This might be proprietary software.
#Vulnerabilities	8

Date	Id	Summary	Products	Score	Patch	Annotated
2020-02-21	CVE-2020-9330	Certain Xerox WorkCentre printers before 073.xxx.000.02300 do not require the user to reenter or validate LDAP bind credentials when changing the LDAP connector IP address. A malicious actor who gains access to affected devices (e.g., by using default credentials) can change the LDAP connection IP address to a system owned by the actor without knowledge of the LDAP bind credentials. After changing the LDAP connection IP address, subsequent authentication attempts will result in the printer...	Workcentre_3655_firmware, Workcentre_3655i_firmware, Workcentre_5845_firmware, Workcentre_5855_firmware, Workcentre_5945_firmware, Workcentre_5955_firmware, Workcentre_6655_firmware, Workcentre_6655i_firmware, Workcentre_7220_firmware, Workcentre_7225_firmware, Workcentre_7830_firmware, Workcentre_7835_firmware, Workcentre_7845_firmware, Workcentre_7855_firmware, Workcentre_7970_firmware, Workcentre_7970i_firmware, Workcentre_ec7836_firmware, Workcentre_ec7856_firmware	8.8
2021-01-26	CVE-2020-36201	An issue was discovered in certain Xerox WorkCentre products. They do not properly encrypt passwords. This affects 3655, 3655i, 58XX, 58XXi 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices.	Workcentre_3655_firmware, Workcentre_3655i_firmware, Workcentre_5865_firmware, Workcentre_5865i_firmware, Workcentre_5875_firmware, Workcentre_5875i_firmware, Workcentre_5890_firmware, Workcentre_5890i_firmware, Workcentre_5945_firmware, Workcentre_5945i_firmware, Workcentre_5955_firmware, Workcentre_5955i_firmware, Workcentre_6655_firmware, Workcentre_6655i_firmware, Workcentre_7220_firmware, Workcentre_7220i_firmware, Workcentre_7225_firmware, Workcentre_7225i_firmware, Workcentre_7830_firmware, Workcentre_7830i_firmware, Workcentre_7835_firmware, Workcentre_7835i_firmware, Workcentre_7845_firmware, Workcentre_7845i_firmware, Workcentre_7855_firmware, Workcentre_7855i_firmware, Workcentre_7970_firmware, Workcentre_7970i_firmware, Workcentre_ec7836_firmware, Workcentre_ec7856_firmware	7.5
2020-10-09	CVE-2020-26162	Xerox WorkCentre EC7836 before 073.050.059.25300 and EC7856 before 073.020.059.25300 devices allow XSS via Description pages.	Workcentre_ec7836_firmware, Workcentre_ec7856_firmware	6.1
2019-02-10	CVE-2018-20769	An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices before R18-05 073.xxx.0487.15000. There is a Local File Inclusion vulnerability.	Workcentre_3655_firmware, Workcentre_3655i_firmware, Workcentre_5845_firmware, Workcentre_5865_firmware, Workcentre_5865i_firmware, Workcentre_5875_firmware, Workcentre_5875i_firmware, Workcentre_5890_firmware, Workcentre_5890i_firmware, Workcentre_5900_firmware, Workcentre_5900i_firmware, Workcentre_6655_firmware, Workcentre_6655i_firmware, Workcentre_7220_firmware, Workcentre_7220i_firmware, Workcentre_7225_firmware, Workcentre_7225i_firmware, Workcentre_7830_firmware, Workcentre_7830i_firmware, Workcentre_7835_firmware, Workcentre_7835i_firmware, Workcentre_7845_firmware, Workcentre_7845i_firmware, Workcentre_7855_firmware, Workcentre_7855i_firmware, Workcentre_7970_firmware, Workcentre_7970i_firmware, Workcentre_ec7836_firmware, Workcentre_ec7856_firmware	7.5
2019-02-10	CVE-2018-20771	An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices before R18-05 073.xxx.0487.15000. There is unauthenticated Remote Command Execution.	Workcentre_3655_firmware, Workcentre_3655i_firmware, Workcentre_5845_firmware, Workcentre_5865_firmware, Workcentre_5865i_firmware, Workcentre_5875_firmware, Workcentre_5875i_firmware, Workcentre_5890_firmware, Workcentre_5890i_firmware, Workcentre_5900_firmware, Workcentre_5900i_firmware, Workcentre_6655_firmware, Workcentre_6655i_firmware, Workcentre_7220_firmware, Workcentre_7220i_firmware, Workcentre_7225_firmware, Workcentre_7225i_firmware, Workcentre_7830_firmware, Workcentre_7830i_firmware, Workcentre_7835_firmware, Workcentre_7835i_firmware, Workcentre_7845_firmware, Workcentre_7845i_firmware, Workcentre_7855_firmware, Workcentre_7855i_firmware, Workcentre_7970_firmware, Workcentre_7970i_firmware, Workcentre_ec7836_firmware, Workcentre_ec7856_firmware	9.8
2019-02-10	CVE-2018-20770	An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices before R18-05 073.xxx.0487.15000. There is Blind SQL Injection.	Workcentre_3655_firmware, Workcentre_3655i_firmware, Workcentre_5845_firmware, Workcentre_5865_firmware, Workcentre_5865i_firmware, Workcentre_5875_firmware, Workcentre_5875i_firmware, Workcentre_5890_firmware, Workcentre_5890i_firmware, Workcentre_5900_firmware, Workcentre_5900i_firmware, Workcentre_6655_firmware, Workcentre_6655i_firmware, Workcentre_7220_firmware, Workcentre_7220i_firmware, Workcentre_7225_firmware, Workcentre_7225i_firmware, Workcentre_7830_firmware, Workcentre_7830i_firmware, Workcentre_7835_firmware, Workcentre_7835i_firmware, Workcentre_7845_firmware, Workcentre_7845i_firmware, Workcentre_7855_firmware, Workcentre_7855i_firmware, Workcentre_7970_firmware, Workcentre_7970i_firmware, Workcentre_ec7836_firmware, Workcentre_ec7856_firmware	9.8
2019-02-10	CVE-2018-20768	An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices before R18-05 073.xxx.0487.15000. An attacker can execute PHP code by leveraging a writable file.	Workcentre_3655_firmware, Workcentre_3655i_firmware, Workcentre_5845_firmware, Workcentre_5865_firmware, Workcentre_5865i_firmware, Workcentre_5875_firmware, Workcentre_5875i_firmware, Workcentre_5890_firmware, Workcentre_5890i_firmware, Workcentre_5900_firmware, Workcentre_5900i_firmware, Workcentre_6655_firmware, Workcentre_6655i_firmware, Workcentre_7220_firmware, Workcentre_7220i_firmware, Workcentre_7225_firmware, Workcentre_7225i_firmware, Workcentre_7830_firmware, Workcentre_7830i_firmware, Workcentre_7835_firmware, Workcentre_7835i_firmware, Workcentre_7845_firmware, Workcentre_7845i_firmware, Workcentre_7855_firmware, Workcentre_7855i_firmware, Workcentre_7970_firmware, Workcentre_7970i_firmware, Workcentre_ec7836_firmware, Workcentre_ec7856_firmware	9.8
2019-02-10	CVE-2018-20767	An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices before R18-05 073.xxx.0487.15000. There is authenticated remote command execution.	Workcentre_3655_firmware, Workcentre_3655i_firmware, Workcentre_5845_firmware, Workcentre_5865_firmware, Workcentre_5865i_firmware, Workcentre_5875_firmware, Workcentre_5875i_firmware, Workcentre_5890_firmware, Workcentre_5890i_firmware, Workcentre_5900_firmware, Workcentre_5900i_firmware, Workcentre_6655_firmware, Workcentre_6655i_firmware, Workcentre_7220_firmware, Workcentre_7220i_firmware, Workcentre_7225_firmware, Workcentre_7225i_firmware, Workcentre_7830_firmware, Workcentre_7830i_firmware, Workcentre_7835_firmware, Workcentre_7835i_firmware, Workcentre_7845_firmware, Workcentre_7845i_firmware, Workcentre_7855_firmware, Workcentre_7855i_firmware, Workcentre_7970_firmware, Workcentre_7970i_firmware, Workcentre_ec7836_firmware, Workcentre_ec7856_firmware	8.8