18 matches found
EPSON WF-2861 Improper Restriction of Operations within the Bounds of a Memory Buffer (CVE-2018-18959)
An issue was discovered on Epson WorkForce WF-2861 10.48 LQ22I3, 10.51.LQ20I6 and 10.52.LQ17IA devices. On the 'Air Print Setting' web page, if the data for 'Bonjour Service Location' at /PRESENTATION/BONJOUR is more than 251 bytes when sending data for Air Print Setting, then the device no longe...
EPSON WF-2861 Denial of Service (CVE-2018-19232)
The web service on Epson WorkForce WF-2861 10.48 LQ22I3Recovery- mode, WF-2861 10.51.LQ20I6, and WF-2861 10.52.LQ17IA devices allows remote attackers to cause a denial of service via a FIRMWAREUPDATE GET request, as demonstrated by the /DOWN/FIRMWAREUPDATE/ROM1 URI. This plugin only works with...
EPSON WF-2861 Uncontrolled Resource Consumption (CVE-2018-18960)
An issue was discovered on Epson WorkForce WF-2861 10.48 LQ22I3, 10.51.LQ20I6 and 10.52.LQ17IA devices. They use SNMP to find certain devices on the network, but the default version is v2c, allowing an amplification attack. This plugin only works with Tenable.ot. Please visit...
EPSON WF-2861 Missing Authentication for Critical Function (CVE-2018-19248)
The web service on Epson WorkForce WF-2861 10.48 LQ22I3Recovery- mode, WF-2861 10.51.LQ20I6, and WF-2861 10.52.LQ17IA devices allows remote attackers to upload a firmware file and reset the printer without authentication by making a request to the /DOWN/FIRMWAREUPDATE/ROM1 URI and a POST request ...
Authentication flaw
The web service on Epson WorkForce WF-2861 10.48 LQ22I3Recovery-mode, WF-2861 10.51.LQ20I6, and WF-2861 10.52.LQ17IA devices allows remote attackers to upload a firmware file and reset the printer without authentication by making a request to the /DOWN/FIRMWAREUPDATE/ROM1 URI and a POST request t...
CVE-2018-19248
The web service on Epson WorkForce WF-2861 10.48 LQ22I3Recovery-mode, WF-2861 10.51.LQ20I6, and WF-2861 10.52.LQ17IA devices allows remote attackers to upload a firmware file and reset the printer without authentication by making a request to the /DOWN/FIRMWAREUPDATE/ROM1 URI and a POST request t...
Cross site request forgery (csrf)
The web service on Epson WorkForce WF-2861 10.48 LQ22I3Recovery-mode, WF-2861 10.51.LQ20I6, and WF-2861 10.52.LQ17IA devices allows remote attackers to cause a denial of service via a FIRMWAREUPDATE GET request, as demonstrated by the /DOWN/FIRMWAREUPDATE/ROM1 URI...
CVE-2018-19232
The web service on Epson WorkForce WF-2861 10.48 LQ22I3Recovery-mode, WF-2861 10.51.LQ20I6, and WF-2861 10.52.LQ17IA devices allows remote attackers to cause a denial of service via a FIRMWAREUPDATE GET request, as demonstrated by the /DOWN/FIRMWAREUPDATE/ROM1 URI...
CVE-2018-18959
An issue was discovered on Epson WorkForce WF-2861 10.48 LQ22I3, 10.51.LQ20I6 and 10.52.LQ17IA devices. On the 'Air Print Setting' web page, if the data for 'Bonjour Service Location' at /PRESENTATION/BONJOUR is more than 251 bytes when sending data for Air Print Setting, then the device no longe...
CVE-2018-19248
The web service on Epson WorkForce WF-2861 10.48 LQ22I3Recovery-mode, WF-2861 10.51.LQ20I6, and WF-2861 10.52.LQ17IA devices allows remote attackers to upload a firmware file and reset the printer without authentication by making a request to the /DOWN/FIRMWAREUPDATE/ROM1 URI and a POST request t...
Design/Logic Flaw
An issue was discovered on Epson WorkForce WF-2861 10.48 LQ22I3, 10.51.LQ20I6 and 10.52.LQ17IA devices. On the 'Air Print Setting' web page, if the data for 'Bonjour Service Location' at /PRESENTATION/BONJOUR is more than 251 bytes when sending data for Air Print Setting, then the device no longe...
CVE-2018-19232
The web service on Epson WorkForce WF-2861 10.48 LQ22I3Recovery-mode, WF-2861 10.51.LQ20I6, and WF-2861 10.52.LQ17IA devices allows remote attackers to cause a denial of service via a FIRMWAREUPDATE GET request, as demonstrated by the /DOWN/FIRMWAREUPDATE/ROM1 URI...
CVE-2018-19232
The CVE concerns Epson WorkForce WF-2861 devices with firmware versions 10.48 LQ22I3(Recovery-mode), 10.51.LQ20I6, and 10.52.LQ17IA. The vulnerability is exposed in the device's web service and leads to a denial of service via a FIRMWAREUPDATE GET request, demonstrated by the /DOWN/FIRMWAREUPDATE...
CVE-2018-18960
The CVE-2018-18960 entry affects Epson WorkForce WF-2861 devices (10.48 LQ22I3, 10.51.LQ20I6, 10.52.LQ17IA). The issue stems from using SNMP to discover devices on the network with the default v2c community, enabling an amplification attack. The connected Nessus plugin reiterates the amplificatio...
CVE-2018-18959
An issue was discovered on Epson WorkForce WF-2861 10.48 LQ22I3, 10.51.LQ20I6 and 10.52.LQ17IA devices. On the 'Air Print Setting' web page, if the data for 'Bonjour Service Location' at /PRESENTATION/BONJOUR is more than 251 bytes when sending data for Air Print Setting, then the device no longe...
CVE-2018-18959
The CVE-2018-18959 issue affects Epson WorkForce WF-2861 devices (10.48 LQ22I3, 10.51.LQ20I6, 10.52.LQ17IA). On the Air Print Setting page, if the data for Bonjour Service Location at /PRESENTATION/BONJOUR exceeds 251 bytes during data submission, the device becomes unusable until a reboot. This ...
CVE-2018-19248
The web service on Epson WorkForce WF-2861 10.48 LQ22I3Recovery-mode, WF-2861 10.51.LQ20I6, and WF-2861 10.52.LQ17IA devices allows remote attackers to upload a firmware file and reset the printer without authentication by making a request to the /DOWN/FIRMWAREUPDATE/ROM1 URI and a POST request t...
CVE-2018-19248
The CVE affects Epson WorkForce WF-2861 devices (versions 10.48 LQ22I3 Recovery-mode, 10.51.LQ20I6, 10.52.LQ17IA) where a missing-authentication flaw in the web service allows remote attackers to upload a firmware file and reset the printer. Attack requires requests to /DOWN/FIRMWAREUPDATE/ROM1 a...