Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Xerox VersaLink devices on specific versions of firmware before 2022-01-26 allow remote attackers to brick the device via a crafted TIFF file in an unauthenticated HTTP POST request. There is a permanent denial of service because image parsing causes a reboot, but image parsing is restarted as soon as the boot process finishes. However, this boot loop can be resolved by a field technician. The TIFF file must have an incomplete Image Directory. Affected firmware versions include xx.42.01 and xx.50.61. NOTE: the 2022-01-24 NeoSmart article included "believed to affect all previous and later versions as of the date of this posting" but a 2022-01-26 vendor statement reports "the latest versions of firmware are not vulnerable to this issue."
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Xerox VersaLink 安全漏洞
Vulnerability Description
Xerox VersaLink是美国Xerox公司的一系列商用打印机。 Xerox VersaLink devices存在安全漏洞,该漏洞源于特定版本的固件缺少对于HTTP POST请求中的文件的验证,允许远程攻击者可利用该漏洞通过未经认证的HTTP POST请求中精心制作的TIFF文件使设备瘫痪。因为映像解析会导致重新启动,所以会导致永久拒绝服务,但是一旦引导过程结束,映像解析就会重新启动。
CVSS Information
N/A
Vulnerability Type
N/A