# Exploit Title: Océ Colorwave 500 printer: Multiple vulnerabilities
# Exploit Author: Giuseppe Calì, Marco Ortisi
# Authors blog:
# Vendor Homepage:
# Software Link:
# Version:
# CVE: 2020-10667, 2020-10668, 2020-10669, 2020-10670, 2020-10671

We have recently registered five CVE(s) affecting the Oce Colorwave 500 

CVE-2020-10669 is an authentication bypass allowing an attacker to 
documents that have been uploaded to the printer. As the documents 
remain stored
in the system even after they have been printed (depending on the 
configuration), a malicious insider may be able to access documents 
printed in
the past.

CVE-2020-10667 is a Stored XSS on the 

CVE-2020-10668 and CVE-10670 are two Reflected XSS on pages “/home.jsp” 

Finally CVE-10671 is a system-wide CSRF due to the absence of any form 
of nonce
or countermeasure protecting against Cross Site Request Forgery.

More details and full story here:

# [2020-03-22]  #