JVN#89767228: Multiple vulnerabilities in multiple SEIKO EPSON printers and scanners

Multiple printers and scanners provided by SEIKO EPSON CORPORATION contain multiple vulnerabilities listed below.

Open Redirect (CWE-601) - CVE-2018-0688

HTTP header injection (CWE-113) - CVE-2018-0689

Impact

• The product’s web interface may be abused to redirect web browsers to any web site. - CVE-2018-0688
• The product’s web interface may be abused to show fake information or execute arbitrary script on web browsers. - CVE-2018-0689

Solution

Update the Firmware
Apply the firmware update according to the information provided by the developer.

Products Affected

• DS-570W firmware versions released prior to March 13, 2018
• DS-780N firmware versions released prior to March 13, 2018
• EP-10VA firmware versions released prior to September 4, 2017
• EP-30VA firmware versions released prior to June 19, 2017
• EP-707A firmware versions released prior to August 1, 2017
• EP-708A firmware versions released prior to August 7, 2017
• EP-709A firmware versions released prior to June 12, 2017
• EP-777A firmware versions released prior to August 1, 2017
• EP-807AB/AW/AR firmware versions released prior to August 1, 2017
• EP-808AB/AW/AR firmware versions released prior to August 7, 2017
• EP-879AB/AW/AR firmware versions released prior to June 12, 2017
• EP-907F firmware versions released prior to August 1, 2017
• EP-977A3 firmware versions released prior to August 1, 2017
• EP-978A3 firmware versions released prior to August 7, 2017
• EP-979A3 firmware versions released prior to June 12, 2017
• EP-M570T firmware versions released prior to September 6, 2017
• EW-M5071FT firmware versions released prior to November 2, 2017
• EW-M660FT firmware versions released prior to April 19, 2018
• EW-M770T firmware versions released prior to September 6, 2017
• PF-70 firmware versions released prior to April 20, 2018
• PF-71 firmware versions released prior to July 18, 2017
• PF-81 firmware versions released prior to September 14, 2017
• PX-048A firmware versions released prior to July 4, 2017
• PX-049A firmware versions released prior to September 11, 2017
• PX-437A firmware versions released prior to July 24, 2017
• PX-M350F firmware versions released prior to February 23, 2018
• PX-M5040F firmware versions released prior to November 20, 2017
• PX-M5041F firmware versions released prior to November 20, 2017
• PX-M650A firmware versions released prior to October 17, 2017
• PX-M650F firmware versions released prior to October 17, 2017
• PX-M680F firmware versions released prior to June 29, 2017
• PX-M7050F firmware versions released prior to October 13, 2017
• PX-M7050FP firmware versions released prior to October 13, 2017
• PX-M7050FX firmware versions released prior to November 7, 2017
• PX-M7070FX firmware versions released prior to April 27, 2017
• PX-M740F firmware versions released prior to December 4, 2017
• PX-M741F firmware versions released prior to December 4, 2017
• PX-M780F firmware versions released prior to June 29, 2017
• PX-M781F firmware versions released prior to June 27, 2017
• PX-M840F firmware versions released prior to November 16, 2017
• PX-M840FX firmware versions released prior to December 8, 2017
• PX-M860F firmware versions released prior to October 25, 2017
• PX-S05B/W firmware versions released prior to March 9, 2018
• PX-S350 firmware versions released prior to February 23, 2018
• PX-S5040 firmware versions released prior to November 20, 2017
• PX-S7050 firmware versions released prior to February 21, 2018
• PX-S7050PS firmware versions released prior to February 21, 2018
• PX-S7050X firmware versions released prior to November 7, 2017
• PX-S7070X firmware versions released prior to April 27, 2017
• PX-S740 firmware versions released prior to December 3, 2017
• PX-S840 firmware versions released prior to November 16, 2017
• PX-S840X firmware versions released prior to December 8, 2017
• PX-S860 firmware versions released prior to December 7, 2017
  For details, refer to the information provided by the developer.