CVE-2022-36133

2022-11-25T06:15:00

Description

The WebConfig functionality of Epson TM-C3500 and TM-C7500 devices with firmware version WAM31500 allows authentication bypass.

Affected Software

CPE Name	Name	Version
epson:tm-c3500_firmware	epson tm-c3500 firmware	wam31500
epson:tm-c3510_firmware	epson tm-c3510 firmware	wam31500
epson:tm-c3520_firmware	epson tm-c3520 firmware	wam31500
epson:tm-c7500_firmware	epson tm-c7500 firmware	wam31500
epson:tm-c7500g_firmware	epson tm-c7500g firmware	wam31500
epson:tm-c7510_firmware	epson tm-c7510 firmware	wam31500
epson:tm-c7510g_firmware	epson tm-c7510g firmware	wam31500
epson:tm-c7520_firmware	epson tm-c7520 firmware	wam31500
epson:tm-c7520g_firmware	epson tm-c7520g firmware	wam31500

{"id": "CVE-2022-36133", "vendorId": null, "type": "cve", "bulletinFamily": "NVD", "title": "CVE-2022-36133", "description": "The WebConfig functionality of Epson TM-C3500 and TM-C7500 devices with firmware version WAM31500 allows authentication bypass.", "published": "2022-11-25T06:15:00", "modified": "2022-11-30T20:49:00", "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL"}, "exploitabilityScore": 3.9, "impactScore": 5.2}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-36133", "reporter": "cve@mitre.org", "references": ["https://download.epson-biz.com/epson/epson_public_document.php?name=Infomation_history.pdf", "https://download.epson-biz.com/modules/colorworks/"], "cvelist": ["CVE-2022-36133"], "immutableFields": [], "lastseen": "2022-11-30T21:40:26", "viewCount": 11, "enchantments": {"score": {"value": 4.7, "vector": "NONE"}, "twitter": {"counter": 6, "tweets": [{"link": "https://twitter.com/www_sesin_at/status/1596100190477471744", "text": "New post from https://t.co/9KYxtdZjkl (CVE-2022-36133) has been published on https://t.co/43YU1rjRa6", "author": "www_sesin_at", "author_photo": "https://pbs.twimg.com/profile_images/958100963822329858/fb_N8h5n_400x400.jpg"}, {"link": "https://twitter.com/WolfgangSesin/status/1596100188329869312", "text": "New post from https://t.co/uXvPWJy6tj (CVE-2022-36133) has been published on https://t.co/uvOUEgcJgx", "author": "WolfgangSesin", "author_photo": "https://pbs.twimg.com/profile_images/957011635369054208/Om3jbj7z_400x400.jpg"}, {"link": "https://twitter.com/threatmeter/status/1596169528786169856", "text": "CVE-2022-36133 | Epson TM-C3500/TM-C7500 WAM31500 improper authentication A vulnerability was found in Epson TM-C3500 and TM-C7500 WAM31500. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation le\u2026 https://t.co/Xj0iPWQKIH", "author": "threatmeter", "author_photo": "https://pbs.twimg.com/profile_images/637160052617379840/VTN_Q4tL_400x400.jpg"}, {"link": "https://twitter.com/ColorTokensInc/status/1596169557739245568", "text": "Emerging Vulnerability Found CVE-2022-36133 - The WebConfig functionality of Epson TM-C3500 and TM-C7500 devices with firmware version WAM31500 allows authentication bypass.\n\nSee https://t.co/2nU799vlMn", "author": "ColorTokensInc", "author_photo": "https://pbs.twimg.com/profile_images/1505854942875365380/yihNDIfa_400x400.jpg"}]}, "vulnersScore": 4.7}, "_state": {"dependencies": 1669844481, "score": 1669844715, "twitter": 0, "affected_software_major_version": 1671611801}, "_internal": {"score_hash": "aefc2f5cb4209580644f1d46d227cc70"}, "cna_cvss": {"cna": null, "cvss": {}}, "cpe": ["cpe:/o:epson:tm-c3510_firmware:wam31500", "cpe:/o:epson:tm-c3500_firmware:wam31500", "cpe:/o:epson:tm-c7500_firmware:wam31500", "cpe:/o:epson:tm-c7520g_firmware:wam31500", "cpe:/o:epson:tm-c3520_firmware:wam31500", "cpe:/o:epson:tm-c7510_firmware:wam31500", "cpe:/o:epson:tm-c7510g_firmware:wam31500", "cpe:/o:epson:tm-c7520_firmware:wam31500", "cpe:/o:epson:tm-c7500g_firmware:wam31500"], "cpe23": ["cpe:2.3:o:epson:tm-c7510_firmware:wam31500:*:*:*:*:*:*:*", "cpe:2.3:o:epson:tm-c3510_firmware:wam31500:*:*:*:*:*:*:*", "cpe:2.3:o:epson:tm-c7520g_firmware:wam31500:*:*:*:*:*:*:*", "cpe:2.3:o:epson:tm-c3520_firmware:wam31500:*:*:*:*:*:*:*", "cpe:2.3:o:epson:tm-c7500g_firmware:wam31500:*:*:*:*:*:*:*", "cpe:2.3:o:epson:tm-c7520_firmware:wam31500:*:*:*:*:*:*:*", "cpe:2.3:o:epson:tm-c7500_firmware:wam31500:*:*:*:*:*:*:*", "cpe:2.3:o:epson:tm-c3500_firmware:wam31500:*:*:*:*:*:*:*", "cpe:2.3:o:epson:tm-c7510g_firmware:wam31500:*:*:*:*:*:*:*"], "cwe": ["CWE-287"], "affectedSoftware": [{"cpeName": "epson:tm-c3500_firmware", "version": "wam31500", "operator": "eq", "name": "epson tm-c3500 firmware"}, {"cpeName": "epson:tm-c3510_firmware", "version": "wam31500", "operator": "eq", "name": "epson tm-c3510 firmware"}, {"cpeName": "epson:tm-c3520_firmware", "version": "wam31500", "operator": "eq", "name": "epson tm-c3520 firmware"}, {"cpeName": "epson:tm-c7500_firmware", "version": "wam31500", "operator": "eq", "name": "epson tm-c7500 firmware"}, {"cpeName": "epson:tm-c7500g_firmware", "version": "wam31500", "operator": "eq", "name": "epson tm-c7500g firmware"}, {"cpeName": "epson:tm-c7510_firmware", "version": "wam31500", "operator": "eq", "name": "epson tm-c7510 firmware"}, {"cpeName": "epson:tm-c7510g_firmware", "version": "wam31500", "operator": "eq", "name": "epson tm-c7510g firmware"}, {"cpeName": "epson:tm-c7520_firmware", "version": "wam31500", "operator": "eq", "name": "epson tm-c7520 firmware"}, {"cpeName": "epson:tm-c7520g_firmware", "version": "wam31500", "operator": "eq", "name": "epson tm-c7520g firmware"}], "affectedConfiguration": [{"name": "epson tm-c3500", "cpeName": "epson:tm-c3500", "version": "-", "operator": "eq"}, {"name": "epson tm-c3510", "cpeName": "epson:tm-c3510", "version": "-", "operator": "eq"}, {"name": "epson tm-c3520", "cpeName": "epson:tm-c3520", "version": "-", "operator": "eq"}, {"name": "epson tm-c7500", "cpeName": "epson:tm-c7500", "version": "-", "operator": "eq"}, {"name": "epson tm-c7500g", "cpeName": "epson:tm-c7500g", "version": "-", "operator": "eq"}, {"name": "epson tm-c7510", "cpeName": "epson:tm-c7510", "version": "-", "operator": "eq"}, {"name": "epson tm-c7510g", "cpeName": "epson:tm-c7510g", "version": "-", "operator": "eq"}, {"name": "epson tm-c7520", "cpeName": "epson:tm-c7520", "version": "-", "operator": "eq"}, {"name": "epson tm-c7520g", "cpeName": "epson:tm-c7520g", "version": "-", "operator": "eq"}], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"operator": "AND", "children": [{"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:o:epson:tm-c3500_firmware:wam31500:*:*:*:*:*:*:*", "cpe_name": []}]}, {"operator": "OR", "children": [], "cpe_match": [{"vulnerable": false, "cpe23Uri": "cpe:2.3:h:epson:tm-c3500:-:*:*:*:*:*:*:*", "cpe_name": []}]}], "cpe_match": []}, {"operator": "AND", "children": [{"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:o:epson:tm-c3510_firmware:wam31500:*:*:*:*:*:*:*", "cpe_name": []}]}, {"operator": "OR", "children": [], "cpe_match": [{"vulnerable": false, "cpe23Uri": "cpe:2.3:h:epson:tm-c3510:-:*:*:*:*:*:*:*", "cpe_name": []}]}], "cpe_match": []}, {"operator": "AND", "children": [{"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:o:epson:tm-c3520_firmware:wam31500:*:*:*:*:*:*:*", "cpe_name": []}]}, {"operator": "OR", "children": [], "cpe_match": [{"vulnerable": false, "cpe23Uri": "cpe:2.3:h:epson:tm-c3520:-:*:*:*:*:*:*:*", "cpe_name": []}]}], "cpe_match": []}, {"operator": "AND", "children": [{"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:o:epson:tm-c7500_firmware:wam31500:*:*:*:*:*:*:*", "cpe_name": []}]}, {"operator": "OR", "children": [], "cpe_match": [{"vulnerable": false, "cpe23Uri": "cpe:2.3:h:epson:tm-c7500:-:*:*:*:*:*:*:*", "cpe_name": []}]}], "cpe_match": []}, {"operator": "AND", "children": [{"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:o:epson:tm-c7500g_firmware:wam31500:*:*:*:*:*:*:*", "cpe_name": []}]}, {"operator": "OR", "children": [], "cpe_match": [{"vulnerable": false, "cpe23Uri": "cpe:2.3:h:epson:tm-c7500g:-:*:*:*:*:*:*:*", "cpe_name": []}]}], "cpe_match": []}, {"operator": "AND", "children": [{"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:o:epson:tm-c7510_firmware:wam31500:*:*:*:*:*:*:*", "cpe_name": []}]}, {"operator": "OR", "children": [], "cpe_match": [{"vulnerable": false, "cpe23Uri": "cpe:2.3:h:epson:tm-c7510:-:*:*:*:*:*:*:*", "cpe_name": []}]}], "cpe_match": []}, {"operator": "AND", "children": [{"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:o:epson:tm-c7510g_firmware:wam31500:*:*:*:*:*:*:*", "cpe_name": []}]}, {"operator": "OR", "children": [], "cpe_match": [{"vulnerable": false, "cpe23Uri": "cpe:2.3:h:epson:tm-c7510g:-:*:*:*:*:*:*:*", "cpe_name": []}]}], "cpe_match": []}, {"operator": "AND", "children": [{"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:o:epson:tm-c7520_firmware:wam31500:*:*:*:*:*:*:*", "cpe_name": []}]}, {"operator": "OR", "children": [], "cpe_match": [{"vulnerable": false, "cpe23Uri": "cpe:2.3:h:epson:tm-c7520:-:*:*:*:*:*:*:*", "cpe_name": []}]}], "cpe_match": []}, {"operator": "AND", "children": [{"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:o:epson:tm-c7520g_firmware:wam31500:*:*:*:*:*:*:*", "cpe_name": []}]}, {"operator": "OR", "children": [], "cpe_match": [{"vulnerable": false, "cpe23Uri": "cpe:2.3:h:epson:tm-c7520g:-:*:*:*:*:*:*:*", "cpe_name": []}]}], "cpe_match": []}]}, "extraReferences": [{"url": "https://download.epson-biz.com/epson/epson_public_document.php?name=Infomation_history.pdf", "name": "https://download.epson-biz.com/epson/epson_public_document.php?name=Infomation_history.pdf", "refsource": "MISC", "tags": ["Vendor Advisory"]}, {"url": "https://download.epson-biz.com/modules/colorworks/", "name": "https://download.epson-biz.com/modules/colorworks/", "refsource": "MISC", "tags": ["Product", "Vendor Advisory"]}]}

{"cnvd": [{"lastseen": "2022-12-07T11:23:57", "description": "The Epson TM-C3500 and Epson TM-C7500 are both printers from Epson Japan, and a security vulnerability exists in the Epson TM-C3500 and TM-C7500 firmware version WAM31500, which can be exploited to bypass authentication.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2022-11-29T00:00:00", "type": "cnvd", "title": "Epson TM-C3500 and TM-C7500 have unspecified vulnerabilities", "bulletinFamily": "cnvd", "cvss2": {}, "cvelist": ["CVE-2022-36133"], "modified": "2022-12-07T00:00:00", "id": "CNVD-2022-85506", "href": "https://www.cnvd.org.cn/flaw/show/CNVD-2022-85506", "cvss": {"score": 0.0, "vector": "NONE"}}]}

CVE-2022-36133

Description

Affected Software

Related