Within multiple XEROX products a vulnerability allows remote command execution on the Linux system, as the "nobody" user through a crafted "HTTP" request (OS Command Injection vulnerability in the HTTP interface). Depending upon configuration authentication may not be necessary.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
xerox colorqube_8700_firmware |
||
xerox colorqube_8900_firmware |
||
xerox colorqube_9301_firmware |
||
xerox colorqube_9302_firmware |
||
xerox colorqube_9303_firmware |