| VID |
29002 |
| Severity |
40 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
WWW |
| Detailed Description |
The Tektronix PhaserLink Web server allows access to admin interface with no authentication.
Tektronix PhaserLink Web server is a built-in Web server shipped with Tektronix Phaser 7xx, 8xx, and 9xx series network printers that allow administrators to access the admin interface.
Due to no authentication requirement present when connecting to the Web server, a remote attacker could request a special URL to view the administrator configuration pages such as _ncl_subjects.shtml and _ncl_items.shtml and set the Shutdown option to "Emergency Power Off" to cause the printer to shut down without cooling the ink/crayon reservoir, causing physical damage to the printer. |
| Recommendation |
No remedy available as of April 2001. Filter incoming traffic to port 80 to this device.
* The webpage related to the products: http://www.officeprinting.xerox.com/products/ |
| Related URL |
CVE-2001-0484 (CVE) |
| Related URL |
2659 (SecurityFocus) |
| Related URL |
6482 (ISS) |
|
