Skip to main content

Important safety notice for the Utax P-C2655w MFP system

Potential safety implications:

XSS, CSRF, Path Traversal, Broken Access Control, Potential Buffer Overflow

Summary of Vulnerabilities:

Potential vulnerabilities have been identified in the Utax P-C2655wMFP system. The vulnerabilities can be exploited to perform cross-site scripting (XSS), cross-site request forgery (CSRF), path traversal, broken access control, or buffer overflow attacks.

Reference numbers:

CVE-2019-13195, CVE-2019-13196, CVE-2019-13197, CVE-2019-13198, CVE-2019-13199, CVE-2019-13200, CVE-2019-13201, CVE-2019-13202, CVE-2019-13203, CVE-2019-13204, CVE-2019-13205, CVE-2019-13206
Acknowledgements:
TA Triumph-Adler GmbH and Utax would like to thank the NCC Group for reporting these vulnerabilities, as it helps our company to optimize product safety.

Affected product and software update:

Please use the software version below, which fixes the security vulnerabilities. For more information on installing the updated software, please contact kontakt@utax.de.

Product Name: Utax P-C2655w MFP
Updated Software version: 2R7_2000.002.301

30. August 2019