Cross site request forgery (csrf)

2018-12-2417:29:00

PRIOn knowledge base

www.prio-n.com

7.5 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

61.5%

JSON

The web service on Epson WorkForce WF-2861 10.48 LQ22I3(Recovery-mode), WF-2861 10.51.LQ20I6, and WF-2861 10.52.LQ17IA devices allows remote attackers to cause a denial of service via a FIRMWAREUPDATE GET request, as demonstrated by the /DOWN/FIRMWAREUPDATE/ROM1 URI.

CPENameOperatorVersion
epson_workforce_wf-2861_firmwareeq10.48.0-lq22-i3
epson_workforce_wf-2861_firmwareeq10.51.0-lq20-i6
epson_workforce_wf-2861_firmwareeq10.52.0-lq17-ia