CVE-2013-6362

nvd nist

Published: Feb 13, 2020Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

Xerox ColorCube and WorkCenter devices in 2013 had hardcoded FTP and shell user accounts.

Affected (12)

Products: Xerox: Colorqube 9201 Firmware, Colorqube 9202 Firmware, Colorqube 9203 Firmware, Workcentre 6400 Firmware, Workcentre 7525 Firmware, Workcentre 7530 Firmware, Workcentre 7535 Firmware, Workcentre 7545 Firmware, Workcentre 7556 Firmware, Workcentre 7755 Firmware, Workcentre 7765 Firmware, Workcentre 7775 Firmware

Xerox

12 products

Colorqube 9201 Firmware

Colorqube 9202 Firmware

Colorqube 9203 Firmware

Workcentre 6400 Firmware

Workcentre 7525 Firmware

Workcentre 7530 Firmware

Workcentre 7535 Firmware

Workcentre 7545 Firmware

Workcentre 7556 Firmware

Workcentre 7755 Firmware

Workcentre 7765 Firmware

Workcentre 7775 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Xerox Colorqube 9201 Firmware	Version 2013

Running on/with	Platform Versions
Xerox Colorqube 9201	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Xerox Colorqube 9202 Firmware	Version 2013

Running on/with	Platform Versions
Xerox Colorqube 9202	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Xerox Colorqube 9203 Firmware	Version 2013

Running on/with	Platform Versions
Xerox Colorqube 9203	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Xerox Workcentre 6400 Firmware	Version 2013

Running on/with	Platform Versions
Xerox Workcentre 6400	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Xerox Workcentre 7525 Firmware	Version 2013

Running on/with	Platform Versions
Xerox Workcentre 7525	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Xerox Workcentre 7530 Firmware	Version 2013

Running on/with	Platform Versions
Xerox Workcentre 7530	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Xerox Workcentre 7535 Firmware	Version 2013

Running on/with	Platform Versions
Xerox Workcentre 7535	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Xerox Workcentre 7545 Firmware	Version 2013

Running on/with	Platform Versions
Xerox Workcentre 7545	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Xerox Workcentre 7556 Firmware	Version 2013

Running on/with	Platform Versions
Xerox Workcentre 7556	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Xerox Workcentre 7755 Firmware	Version 2013

Running on/with	Platform Versions
Xerox Workcentre 7755	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Xerox Workcentre 7765 Firmware	Version 2013

Running on/with	Platform Versions
Xerox Workcentre 7765	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Xerox Workcentre 7775 Firmware	Version 2013

Running on/with	Platform Versions
Xerox Workcentre 7775	All versions

Related CWEs

CWE-798

Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

References (4)

http://firmware.re/usenixsec14/

Source: cve@mitre.org

ExploitThird Party Advisory

http://firmware.re/vulns/acsa-2013-005.php

Source: cve@mitre.org

ExploitVendor Advisory

http://firmware.re/usenixsec14/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

http://firmware.re/vulns/acsa-2013-005.php

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitVendor Advisory

Timeline

No history available yet.