CVE-2021-28673

CVSS v3 base score: 9.8 CRITICAL

📋 TL;DR

This vulnerability allows a remote, unauthenticated attacker to execute arbitrary commands on affected Xerox multifunction printers by submitting a weaponized (maliciously crafted) clone file through the device's Web User Interface. A successful attack gives full control of the device without any credentials. The affected products are specific firmware versions of numerous Xerox Phaser, WorkCentre, and VersaLink models.

💻 Affected Systems

Products:
  • Xerox Phaser 6510
  • Xerox WorkCentre 6515
  • Xerox VersaLink B400
  • Xerox VersaLink B405
  • Xerox VersaLink B600/B610
  • Xerox VersaLink B605/B615
  • Xerox VersaLink B7025/30/35
  • Xerox VersaLink C400
  • Xerox VersaLink C405
  • Xerox VersaLink C500/C600
  • Xerox VersaLink C505/C605
  • Xerox VersaLink C7000
  • Xerox VersaLink C7020/25/30
  • Xerox VersaLink C8000/C9000
Versions: Firmware builds below the fixed versions listed in the CVE description. Each model was fixed on two firmware branches (e.g., Phaser 6510 before 64.61.23 and before 64.59.11), so the fixed build to compare against depends on which branch the device runs.
Operating Systems: Embedded printer firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in the Bridge component of affected firmware versions. The Web UI is enabled out of the box, so default configurations are exploitable.

📦 What is this software?

Xerox Phaser, WorkCentre and VersaLink devices are office printers and multifunction printers. Each runs embedded firmware with a built-in web server (the Embedded Web Server, or Web User Interface) used for administration. One of its administrative features is "cloning": exporting a device's configuration as a clone file and importing it on another device. The vulnerable code path is that clone-file import.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of the printer allowing attackers to execute arbitrary commands, potentially leading to lateral movement into the network, data exfiltration, or deployment of persistent malware.

🟠 Likely Case

Attackers gain control of the printer to use it as a foothold for network reconnaissance, credential harvesting, or launching attacks against other internal systems.

🟢 If Mitigated

With proper network segmentation and access controls, impact is limited to the printer itself, though it could still be used for denial of service or local data compromise.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No (none known)
Weaponized: Not confirmed. The "weaponized clone file" in the CVE text is the attacker-crafted payload, i.e. the attack vector; it is not a report of in-the-wild exploitation.
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires crafting a malicious clone file and submitting it through the Web UI; no credentials are needed. Attack complexity is low once the exploit method is known.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: See specific fixed versions in CVE description (e.g., Phaser 6510 version 64.61.23 or 64.59.11)

Vendor Advisory: https://securitydocs.business.xerox.com/wp-content/uploads/2020/06/cert_Security_Mini_Bulletin_XRX20K_for_PH6510_WC6515_VLB4xx_C4xx_B6XX_B70xx_C5xx_C6xx_C7xxx.pdf

Restart Required: Yes

Instructions:

1. Identify affected printer models and their current firmware versions.
2. Download the appropriate firmware update for each model from the Xerox support portal.
3. Apply the firmware update following the manufacturer's instructions.
4. Reboot the printer after the update completes.
5. Verify that the new firmware version is installed.

🔧 Temporary Workarounds

Disable Web UI Access

Applies to: all affected models

Disable remote access to the printer's web interface (or, if remote administration must stay available, restrict it to administrator addresses with the device's IP filtering feature where available) to remove the exploit path. Plan the firmware update separately, since disabling the Web UI also removes the usual way of applying it.

Network Segmentation

Applies to: all affected models

Place printers on isolated network segments with strict firewall rules

🧯 If You Can't Patch

  • Isolate affected printers from internet and critical internal networks using VLANs and firewall rules
  • Disable all unnecessary services and interfaces on the printers

🔍 How to Verify

Check if Vulnerable:

Compare the firmware version reported by the device (web interface or device display) against the affected ranges in the CVE description. Both fixed branches for the model must be considered (e.g., 64.61.x and 64.59.x for the Phaser 6510); a device is fixed only if its build is at or above the fixed build on its own branch.

Check Version:

Browse to the printer's web interface at http://[printer-ip]/ and read the system software (firmware) version from the device information page, or print a Configuration Report from the control panel.

Verify Fix Applied:

Verify that the firmware version reported by the device is at or above the fixed build for that model and firmware branch, as specified in the vendor advisory.
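The version comparison above, as an added example in Python (this is not the page's or Xerox's own tooling). It encodes the two-branch rule: a device is fixed only if its build is at or above the fixed build on the branch it runs. The fix table contains only the Phaser 6510 builds quoted on this page; the other models' fixed builds, the sample inventory rows and their addresses are assumptions to be replaced from the CVE description and your own asset list.

```python
"""
Added example, not taken from the page or from Xerox: flag firmware versions
that are below the CVE-2021-28673 fixed builds. Each model was fixed on two
firmware branches (for the Phaser 6510: 64.61.23 and 64.59.11), so the branch
is identified by the first two version components before comparing.
"""
from typing import Dict, List, Optional, Tuple

# Fixed builds per model. Only the Phaser 6510 entry quoted on this page is
# filled in; add the other models from the CVE description before relying on it.
FIXED_BUILDS: Dict[str, Tuple[str, ...]] = {
    "Phaser 6510": ("64.61.23", "64.59.11"),
}

# Constructed inventory (model, address, firmware version); not real devices.
SAMPLE_INVENTORY: List[Tuple[str, str, str]] = [
    ("Phaser 6510", "10.20.5.10", "64.61.22"),     # below the fix on the 64.61 branch
    ("Phaser 6510", "10.20.5.11", "64.59.11"),     # exactly the fixed build
    ("Phaser 6510", "10.20.5.12", "64.60.05"),     # branch the advisory does not list
    ("VersaLink C405", "10.20.5.13", "68.61.23"),  # model not yet in our table
]


def parse_version(version: str) -> Tuple[int, ...]:
    """'64.61.23' -> (64, 61, 23); non-numeric input raises ValueError."""
    return tuple(int(part) for part in version.strip().split("."))


def is_vulnerable(model: str, version: str) -> Optional[bool]:
    """True if `version` is below the fixed build on its branch, False if it is
    at or above the fix, None if the model or branch is unknown (undecidable)."""
    fixes = FIXED_BUILDS.get(model)
    if fixes is None:
        return None
    current = parse_version(version)
    for fix in fixes:
        fixed = parse_version(fix)
        if current[:2] == fixed[:2]:      # same branch: compare the build number
            return current < fixed
    return None  # not on a branch the advisory lists; check manually


def audit_inventory(rows: List[Tuple[str, str, str]]) -> Dict[str, List[str]]:
    """Bucket device addresses into 'vulnerable', 'fixed' and 'unknown'."""
    report: Dict[str, List[str]] = {"vulnerable": [], "fixed": [], "unknown": []}
    for model, address, version in rows:
        verdict = is_vulnerable(model, version)
        key = "unknown" if verdict is None else ("vulnerable" if verdict else "fixed")
        report[key].append(address)
    return report


if __name__ == "__main__":
    for bucket, hosts in audit_inventory(SAMPLE_INVENTORY).items():
        print(f"{bucket}: {', '.join(hosts) or '-'}")
```

Devices that land in the "unknown" bucket are the ones to look at by hand: either the model is missing from the table, or the device runs a firmware branch the advisory does not mention, and a plain numeric comparison would silently give the wrong answer in both cases.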

📡 Detection & Monitoring

Log Indicators:

  • Clone or configuration file uploads to the printer Web UI that no administrator initiated
  • Unexpected configuration changes, newly enabled services, or device restarts following such an upload (importing a clone file changes the running configuration)
  • Web UI access from hosts that are not administrator workstations; because this exploit needs no credentials, bursts of failed logins are not a reliable signal for it

Network Indicators:

  • Unusual outbound connections from printer to external IPs
  • Suspicious HTTP requests to printer web interface from unexpected sources

SIEM Query:

source="printer_logs" AND (event="file_upload" OR event="command_execution")

The event names above are placeholders; map them to the field names your collector produces for the printer audit log and for the firewall or proxy in front of the printers. Printers rarely log command execution directly, so the firewall view (Web UI writes from unexpected sources, printer-initiated egress) is usually the more reliable data source.
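The two network indicators above turned into detection logic, as an added Python example that is not part of the page or of any SIEM product. It runs over constructed firewall log lines; the log format, the printer and administrator address lists, and the sample addresses are all assumptions, so adapt the parser to your firewall's export.

```python
"""
Added example, not from the page: the two network indicators above as code,
run over constructed firewall log lines. Addresses, the printer/admin lists
and the log format are assumptions; real firewall exports differ.
"""
import ipaddress
from typing import Any, Dict, List, Tuple

PRINTERS = {"10.20.5.10", "10.20.5.11"}   # assumed printer addresses
ADMIN_HOSTS = {"10.1.1.50"}                # assumed: the only hosts allowed to manage the Web UI
WEB_PORTS = {80, 443}
# RFC 1918 space; anything else is treated as external. ipaddress.is_private
# would also match documentation ranges such as 203.0.113.0/24, so the check
# is made explicit here.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample: "<timestamp> <src_ip> <dst_ip> <dst_port> <http_method or ->"
SAMPLE_LOGS = """
2021-06-01T10:00:01Z 10.1.1.50 10.20.5.10 443 POST
2021-06-01T10:03:12Z 10.7.7.7 10.20.5.10 80 POST
2021-06-01T10:03:40Z 10.20.5.10 203.0.113.9 4444 -
2021-06-01T10:04:00Z 10.1.1.20 10.20.5.11 9100 -
2021-06-01T10:05:00Z 10.7.7.7 10.20.5.11 80 GET
""".strip().splitlines()

Alert = Tuple[str, str, str, str]  # (rule, timestamp, src, dst)


def parse_line(line: str) -> Dict[str, Any]:
    """Split one constructed log line into its fields."""
    ts, src, dst, port, method = line.split()
    return {"ts": ts, "src": src, "dst": dst, "port": int(port), "method": method}


def is_internal(ip: str) -> bool:
    """True for RFC 1918 addresses only."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def detect(lines: List[str]) -> List[Alert]:
    alerts: List[Alert] = []
    for line in lines:
        ev = parse_line(line)
        # Rule 1: a write (POST) to a printer Web UI from a host that is not an
        # admin workstation. A clone-file upload looks exactly like this.
        if (ev["dst"] in PRINTERS and ev["port"] in WEB_PORTS
                and ev["method"] == "POST" and ev["src"] not in ADMIN_HOSTS):
            alerts.append(("unexpected_webui_post", ev["ts"], ev["src"], ev["dst"]))
        # Rule 2: the printer itself opening a connection to a non-RFC1918
        # address. Printers have no reason to reach the internet directly.
        if ev["src"] in PRINTERS and not is_internal(ev["dst"]):
            alerts.append(("printer_egress", ev["ts"], ev["src"], ev["dst"]))
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOGS):
        print(*alert)
```

In the constructed sample, the administrator's POST and the ordinary print job on port 9100 produce nothing, while the POST from an unexpected host followed half a minute later by the printer calling out to an external address produces two alerts in sequence, which is the pattern a clone-file compromise would leave in a firewall log. Rule 1 deliberately ignores GET requests; a page view from an unexpected host is worth a hunt, not an alert.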
