Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-28672

Xerox Phaser 6510 before 64.65.51 and 64.59.11 (Bridge), WorkCentre 6515 before 65.65.51 and 65.59.11 (Bridge), VersaLink B400 before 37.65.51 and 37.59.01 (Bridge), B405 before 38.65.51 and 38.59.01 (Bridge), B600/B610 before 32.65.51 and 32.59.01 (Bridge), B605/B615 before 33.65.51 and 33.59.01 (Bridge), B7025/30/35 before 58.65.51 and 58.59.11 (Bridge), C400 before 67.65.51 and 67.59.01 (Bridge), C405 before 68.65.51 and 68.59.01 (Bridge), C500/C600 before 61.65.51 and 61.59.01 (Bridge), C505/C605 before 62.65.51 and 62.59.01 (Bridge), C7000 before 56.65.51 and 56.59.01 (Bridge), C7020/25/30 before 57.65.51 and 57.59.01 (Bridge), C8000/C9000 before 70.65.51 and 70.59.01 (Bridge), C8000W before 72.65.51 allows remote attackers to execute arbitrary code through a buffer overflow in Web page parameter handling.

Security Impact Summary

This vulnerability carries a CRITICAL severity rating with a CVSS v3.1 score of 9.8, indicating it can be exploited remotely over the network with relatively low complexity without requiring user interaction and does not require pre-existing privileges . The vulnerability impacts confidentiality (data exposure), integrity (unauthorized modifications), and availability (service disruption) for affected systems. Impacting 48 products from xerox, from xerox, from xerox and 45 others, organizations running these solutions should prioritize assessment and patching.

Historical Context

Reported in 2021, this vulnerability emerged during an era marked by increased sophistication in supply chain attacks, cloud infrastructure vulnerabilities, and software-as-a-service (SaaS) security challenges. Security practices during this period emphasized zero-trust architectures, container security, and API protection.

Published

2021-03-29T21:15:13.593

Last Modified

2024-11-21T06:00:04.843

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 9.8 (CRITICAL)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

10.0

Impact Score

6.4

Weaknesses

Type: Primary
CWE-120

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	xerox	phaser_6510_firmware	< 64.59.11	Yes
Hardware	xerox	phaser_6510	-	No
Operating System	xerox	workcentre_6515_firmware	< 65.59.11	Yes
Hardware	xerox	workcentre_6515	-	No
Operating System	xerox	versalink_b400_firmware	< 37.59.01	Yes
Hardware	xerox	versalink_b400	-	No
Operating System	xerox	versalink_b405_firmware	< 38.59.01	Yes
Hardware	xerox	versalink_b405	-	No
Operating System	xerox	versalink_b600_firmware	< 32.59.01	Yes
Hardware	xerox	versalink_b600	-	No
Operating System	xerox	versalink_b610_firmware	< 32.59.01	Yes
Hardware	xerox	versalink_b610	-	No
Operating System	xerox	versalink_b605_firmware	< 33.59.01	Yes
Hardware	xerox	versalink_b605	-	No
Operating System	xerox	versalink_b615_firmware	< 33.59.01	Yes
Hardware	xerox	versalink_b615	-	No
Operating System	xerox	versalink_b7025_firmware	< 58.59.11	Yes
Hardware	xerox	versalink_b7025	-	No
Operating System	xerox	versalink_b7030_firmware	< 58.59.11	Yes
Hardware	xerox	versalink_b7030	-	No
Operating System	xerox	versalink_b7035_firmware	< 58.59.11	Yes
Hardware	xerox	versalink_b7035	-	No
Operating System	xerox	versalink_c400_firmware	< 67.59.01	Yes
Hardware	xerox	versalink_c400	-	No
Operating System	xerox	versalink_c405_firmware	< 68.59.01	Yes
Hardware	xerox	versalink_c405	-	No
Operating System	xerox	versalink_c500_firmware	< 61.59.01	Yes
Hardware	xerox	versalink_c500	-	No
Operating System	xerox	versalink_c600_firmware	< 61.59.01	Yes
Hardware	xerox	versalink_c600	-	No
Operating System	xerox	versalink_c505_firmware	< 62.59.01	Yes
Hardware	xerox	versalink_c505	-	No
Operating System	xerox	versalink_c605_firmware	< 62.59.01	Yes
Hardware	xerox	versalink_c605	-	No
Operating System	xerox	versalink_c7000_firmware	< 56.59.01	Yes
Hardware	xerox	versalink_c7000	-	No
Operating System	xerox	versalink_c7020_firmware	< 57.59.01	Yes
Hardware	xerox	versalink_c7020	-	No
Operating System	xerox	versalink_c7025_firmware	< 57.59.01	Yes
Hardware	xerox	versalink_c7025	-	No
Operating System	xerox	versalink_c7030_firmware	< 57.59.01	Yes
Hardware	xerox	versalink_c7030	-	No
Operating System	xerox	versalink_c8000_firmware	< 70.59.01	Yes
Hardware	xerox	versalink_c8000	-	No
Operating System	xerox	versalink_c9000_firmware	< 70.59.01	Yes
Hardware	xerox	versalink_c9000	-	No
Operating System	xerox	phaser_6510_firmware	< 64.65.51	Yes
Hardware	xerox	phaser_6510	-	No
Operating System	xerox	workcentre_6515_firmware	< 65.65.51	Yes
Hardware	xerox	workcentre_6515	-	No
Operating System	xerox	versalink_b400_firmware	< 37.65.51	Yes
Hardware	xerox	versalink_b400	-	No
Operating System	xerox	versalink_b405_firmware	< 38.65.51	Yes
Hardware	xerox	versalink_b405	-	No
Operating System	xerox	versalink_b610_firmware	< 32.65.51	Yes
Hardware	xerox	versalink_b610	-	No
Operating System	xerox	versalink_b605_firmware	< 33.65.51	Yes
Hardware	xerox	versalink_b605	-	No
Operating System	xerox	versalink_b615_firmware	< 33.65.51	Yes
Hardware	xerox	versalink_b615	-	No
Operating System	xerox	versalink_b7025_firmware	< 58.65.51	Yes
Hardware	xerox	versalink_b7025	-	No
Operating System	xerox	versalink_c400_firmware	< 67.65.51	Yes
Hardware	xerox	versalink_c400	-	No
Operating System	xerox	versalink_c405_firmware	< 68.65.51	Yes
Hardware	xerox	versalink_c405	-	No
Operating System	xerox	versalink_c500_firmware	< 61.65.51	Yes
Hardware	xerox	versalink_c500	-	No
Operating System	xerox	versalink_c600_firmware	< 61.65.51	Yes
Hardware	xerox	versalink_c600	-	No
Operating System	xerox	versalink_c505_firmware	< 62.65.51	Yes
Hardware	xerox	versalink_c505	-	No
Operating System	xerox	versalink_c605_firmware	< 62.65.51	Yes
Hardware	xerox	versalink_c605	-	No
Operating System	xerox	versalink_c7000_firmware	< 56.65.51	Yes
Hardware	xerox	versalink_c7000	-	No
Operating System	xerox	versalink_c7020_firmware	< 57.65.51	Yes
Hardware	xerox	versalink_c7020	-	No
Operating System	xerox	versalink_c7025_firmware	< 57.65.51	Yes
Hardware	xerox	versalink_c7025	-	No
Operating System	xerox	versalink_c7030_firmware	< 57.65.51	Yes
Hardware	xerox	versalink_c7030	-	No
Operating System	xerox	versalink_c8000_firmware	< 70.65.51	Yes
Hardware	xerox	versalink_c8000	-	No
Operating System	xerox	versalink_c9000_firmware	< 70.65.51	Yes
Hardware	xerox	versalink_c9000	-	No
Operating System	xerox	versalink_c8000w_firmware	< 72.65.51	Yes
Hardware	xerox	versalink_c8000w	-	No
Operating System	xerox	versalink_b600_firmware	< 32.65.51	Yes
Hardware	xerox	versalink_b600	-	No
Operating System	xerox	versalink_b7030_firmware	< 58.65.51	Yes
Hardware	xerox	versalink_b7030	-	No
Operating System	xerox	versalink_b7035_firmware	< 58.65.51	Yes
Hardware	xerox	versalink_b7035	-	No

References

https://securitydocs.business.xerox.com/wp-content/uploads/2021/03/cert_Security_Mini_Bulletin_XRX21D_for_PH6510_WC6515_VersaLink-1.pdf Vendor Advisory ([email protected])
https://securitydocs.business.xerox.com/wp-content/uploads/2021/03/cert_Security_Mini_Bulletin_XRX21D_for_PH6510_WC6515_VersaLink-1.pdf Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)

How SecUtils Interprets This CVE

SecUtils normalizes and enriches National Vulnerability Database (NVD) records by standardizing vendor and product identifiers, aggregating vulnerability metadata from both NVD and MITRE sources, and providing structured context for security teams. For xerox's affected products, we extract Common Platform Enumeration (CPE) data, Common Weakness Enumeration (CWE) classifications, CVSS severity metrics, and reference data to enable rapid vulnerability prioritization and asset correlation. This record contains no exploit code, proof-of-concept instructions, or attack methodologies—only defensive intelligence necessary for patch management, risk assessment, and security operations.