Lucene search

INCIBECVELIST:CVE-2023-4957

HistoryOct 11, 2023 - 1:21 p.m.

CVE-2023-4957 Authentication Bypass on Zebra ZTC

2023-10-1113:21:32

CWE-288

INCIBE

www.cve.org

cve-2023-4957

zebra technologies

authentication bypass

ztc zt410-203dpi

vulnerability

network security

5.4 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

0.0004 Low

EPSS

Percentile

12.9%

JSON

A vulnerability of authentication bypass has been found on a Zebra Technologies ZTC ZT410-203dpi ZPL printer. This vulnerability allows an attacker that is in the same network as the printer, to change the username and password for the Web Page by sending a specially crafted POST request to the setvarsResults.cgi file. For this vulnerability to be exploitable, the printers protected mode must be disabled.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "ZTC ZT410",
    "vendor": "Zebra Technologies",
    "versions": [
      {
        "status": "affected",
        "version": "203dpi ZPL 18J150703184"
      }
    ]
  }
]

References

www.incibe.es/en/incibe-cert/notices/aviso-sci/authentication-bypass-zebra-ztc

5.4 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

0.0004 Low

EPSS

Percentile

12.9%

JSON

Related for CVELIST:CVE-2023-4957