5.4 Medium
CVSS3
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
7.1 High
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
12.8%
Successful exploitation of this vulnerability could allow an attacker to send specially crafted packets to change credentials without any prior authentication.
The following versions of Zebra ZTC industrial and desktop printers are affected:
3.2.1 Authentication Bypass Using an Alternate Path or Channel CWE-288
A vulnerability of authentication bypass has been found in Zebra Technologies ZTC Industrial ZT410 and ZTC Desktop GK420d. This vulnerability allows an attacker that is in the same network as the printer to change the username and password for the web page by sending a specially crafted POST request to the setvarsResults.cgi file. For this vulnerability to be exploitable, the printer’s protected mode must be disabled.
CVE-2023-4957 has been assigned to this vulnerability. A CVSS v3 base score of 5.4 has been calculated; the CVSS vector string is (AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N).
Phosphorus Cybersecurity reported this vulnerability to CISA.
Zebra printers running Link-OS v6.0 and later have a protected mode that protects the printer from this vulnerability. Activating this mode disables unauthorized changes and locks the current configuration until an administrator authorizes updates. By default, the secure mode is disabled as it is necessary to generate a password first.
For more information about the protected mode and to apply it to Zebra printer products that may be affected, see the Link-OS Printer Administration Guide.
NOTE: The ZT410 industrial printer was discontinued on Oct 1st, 2020. The service and support discontinuation dates are in September and December, 2025, depending on region. Further information regarding security settings and best practices, including “Protected Mode,” can be found in the references of the product.
NOTE: the GK420d desktop printer was discontinued on Jan 31, 2022. The service and support discontinuation date is April 30, 2025.
For more information on the product resources, see GK420d Desktop Printer Support Manual.
For more information on this vulnerability, see INCIBE-CERT’s Security Advisory.
CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.
Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.
Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time.
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4957
cwe.mitre.org/data/definitions/288.html
github.com/cisagov/CSAF
public.govdelivery.com/accounts/USDHSCISA/subscriber/new?topic_id=USDHSCISA_138
twitter.com/CISAgov
twitter.com/intent/tweet?text=Zebra%20ZTC%20Industrial%20ZT400%20and%20ZTC%20Desktop%20GK420d+https://www.cisa.gov/news-events/ics-advisories/icsa-23-339-01
us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf
www.cisa.gov/resources-tools/resources/ics-recommended-practices
www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf
www.cisa.gov/topics/industrial-control-systems
www.cisa.gov/topics/industrial-control-systems
www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B
www.dhs.gov
www.dhs.gov/foia
www.dhs.gov/performance-financial-reports
www.facebook.com/CISA
www.facebook.com/sharer/sharer.php?u=https://www.cisa.gov/news-events/ics-advisories/icsa-23-339-01&title=Zebra%20ZTC%20Industrial%20ZT400%20and%20ZTC%20Desktop%20GK420d
www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
www.incibe.es/en/incibe-cert/notices/aviso-sci/authentication-bypass-zebra-ztc
www.instagram.com/cisagov
www.linkedin.com/company/cybersecurity-and-infrastructure-security-agency
www.linkedin.com/sharing/share-offsite/?url=https://www.cisa.gov/news-events/ics-advisories/icsa-23-339-01
www.oig.dhs.gov/
www.surveymonkey.com/r/CISA-cyber-survey?product=https://www.cisa.gov/news-events/ics-advisories/icsa-23-339-01
www.usa.gov/
www.whitehouse.gov/
www.youtube.com/@cisagov
www.zebra.com/content/dam/zebra_new_ia/en-us/software-printer/utilities/en/admin-files/printsecure-administration-guide-en.pdf
www.zebra.com/us/en/support-downloads/printers/desktop/gk420d.html
mailto:?subject=Zebra%20ZTC%20Industrial%20ZT400%20and%20ZTC%20Desktop%20GK420d&body=www.cisa.gov/news-events/ics-advisories/icsa-23-339-01
5.4 Medium
CVSS3
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
7.1 High
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
12.8%