Lucene search

JpcertCVE-2023-38556

HistoryAug 02, 2023 - 8:15 a.m.

CVE-2023-38556

2023-08-0208:15:09

jpcert

web.nvd.nist.gov

cve-2023-38556

seiko epson

printer

web config

input validation

vulnerability

remote attacker

nvd

security

exploit

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.3

Confidence

High

EPSS

0.002

Percentile

53.9%

JSON

Improper input validation vulnerability in SEIKO EPSON printer Web Config allows a remote attacker to turned off the printer.
[Note] Web Config is the software that allows users to check the status and change the settings of SEIKO EPSON printers via a web browser. Web Config is pre-installed in some printers provided by SEIKO EPSON CORPORATION. For the details of the affected product names/model numbers, refer to the information provided by the vendor.

Affected configurations

Nvd

Node

epsonep-801a_firmwareMatch-

AND

epsonep-801aMatch-

Node

epsonep-802a_firmwareMatch-

AND

epsonep-802aMatch-

Node

epsonep-901a_firmwareMatch-

AND

epsonep-901aMatch-

Node

epsonep-901f_firmwareMatch-

AND

epsonep-901fMatch-

Node

epsonep-902a_firmwareMatch-

AND

epsonep-902aMatch-

Node

epsonpa-tcu1_firmwareMatch-

AND

epsonpa-tcu1Match-

Node

epsonpm-t960_firmwareMatch-

AND

epsonpm-t960Match-

Node

epsonpm-t990_firmwareMatch-

AND

epsonpm-t990Match-

Node

epsonpx-201_firmwareMatch-

AND

epsonpx-201Match-

Node

epsonpx-502a_firmwareMatch-

AND

epsonpx-502aMatch-

Node

epsonpx-601f_firmwareMatch-

AND

epsonpx-601fMatch-

Node

epsonpx-602f_firmwareMatch-

AND

epsonpx-602fMatch-

VendorProductVersionCPE
epsonep-801a_firmware-cpe:2.3:o:epson:ep-801a_firmware:-:*:*:*:*:*:*:*
epsonep-801a-cpe:2.3:h:epson:ep-801a:-:*:*:*:*:*:*:*
epsonep-802a_firmware-cpe:2.3:o:epson:ep-802a_firmware:-:*:*:*:*:*:*:*
epsonep-802a-cpe:2.3:h:epson:ep-802a:-:*:*:*:*:*:*:*
epsonep-901a_firmware-cpe:2.3:o:epson:ep-901a_firmware:-:*:*:*:*:*:*:*
epsonep-901a-cpe:2.3:h:epson:ep-901a:-:*:*:*:*:*:*:*
epsonep-901f_firmware-cpe:2.3:o:epson:ep-901f_firmware:-:*:*:*:*:*:*:*
epsonep-901f-cpe:2.3:h:epson:ep-901f:-:*:*:*:*:*:*:*
epsonep-902a_firmware-cpe:2.3:o:epson:ep-902a_firmware:-:*:*:*:*:*:*:*
epsonep-902a-cpe:2.3:h:epson:ep-902a:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
epson	ep-801a_firmware	-	cpe:2.3:o:epson:ep-801a_firmware:-:::::::*
epson	ep-801a	-	cpe:2.3:h:epson:ep-801a:-:::::::*
epson	ep-802a_firmware	-	cpe:2.3:o:epson:ep-802a_firmware:-:::::::*
epson	ep-802a	-	cpe:2.3:h:epson:ep-802a:-:::::::*
epson	ep-901a_firmware	-	cpe:2.3:o:epson:ep-901a_firmware:-:::::::*
epson	ep-901a	-	cpe:2.3:h:epson:ep-901a:-:::::::*
epson	ep-901f_firmware	-	cpe:2.3:o:epson:ep-901f_firmware:-:::::::*
epson	ep-901f	-	cpe:2.3:h:epson:ep-901f:-:::::::*
epson	ep-902a_firmware	-	cpe:2.3:o:epson:ep-902a_firmware:-:::::::*
epson	ep-902a	-	cpe:2.3:h:epson:ep-902a:-:::::::*

Rows per page:

1-10 of 241

CNA Affected

[
  {
    "vendor": "SEIKO EPSON CORPORATION",
    "product": "SEIKO EPSON printer Web Config",
    "versions": [
      {
        "version": "unspecified",
        "status": "affected"
      }
    ]
  }
]

References

jvn.jp/en/jp/JVN61337171/

www.epson.jp/support/misc_t/230802_oshirase.htm

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.3

Confidence

High

EPSS

0.002

Percentile

53.9%

JSON

Related for CVE-2023-38556