22 matches found
EPSON WF-2861 Improper Restriction of Operations within the Bounds of a Memory Buffer (CVE-2018-18959)
An issue was discovered on Epson WorkForce WF-2861 10.48 LQ22I3, 10.51.LQ20I6 and 10.52.LQ17IA devices. On the 'Air Print Setting' web page, if the data for 'Bonjour Service Location' at /PRESENTATION/BONJOUR is more than 251 bytes when sending data for Air Print Setting, then the device no longe...
EPSON WF-2861 Denial of Service (CVE-2018-19232)
The web service on Epson WorkForce WF-2861 10.48 LQ22I3Recovery- mode, WF-2861 10.51.LQ20I6, and WF-2861 10.52.LQ17IA devices allows remote attackers to cause a denial of service via a FIRMWAREUPDATE GET request, as demonstrated by the /DOWN/FIRMWAREUPDATE/ROM1 URI. This plugin only works with...
EPSON WF-2861 Missing Authentication for Critical Function (CVE-2018-19248)
The web service on Epson WorkForce WF-2861 10.48 LQ22I3Recovery- mode, WF-2861 10.51.LQ20I6, and WF-2861 10.52.LQ17IA devices allows remote attackers to upload a firmware file and reset the printer without authentication by making a request to the /DOWN/FIRMWAREUPDATE/ROM1 URI and a POST request ...
EPSON WF-2861 Uncontrolled Resource Consumption (CVE-2018-18960)
An issue was discovered on Epson WorkForce WF-2861 10.48 LQ22I3, 10.51.LQ20I6 and 10.52.LQ17IA devices. They use SNMP to find certain devices on the network, but the default version is v2c, allowing an amplification attack. This plugin only works with Tenable.ot. Please visit...
EUVD-2018-10663
Malware in sbrugna...
EUVD-2018-10664
Malware in sbrugna...
EUVD-2018-10941
Malware in sbrugna...
Authentication flaw
The web service on Epson WorkForce WF-2861 10.48 LQ22I3Recovery-mode, WF-2861 10.51.LQ20I6, and WF-2861 10.52.LQ17IA devices allows remote attackers to upload a firmware file and reset the printer without authentication by making a request to the /DOWN/FIRMWAREUPDATE/ROM1 URI and a POST request t...
Cross site request forgery (csrf)
The web service on Epson WorkForce WF-2861 10.48 LQ22I3Recovery-mode, WF-2861 10.51.LQ20I6, and WF-2861 10.52.LQ17IA devices allows remote attackers to cause a denial of service via a FIRMWAREUPDATE GET request, as demonstrated by the /DOWN/FIRMWAREUPDATE/ROM1 URI...
CVE-2018-19248
The web service on Epson WorkForce WF-2861 10.48 LQ22I3Recovery-mode, WF-2861 10.51.LQ20I6, and WF-2861 10.52.LQ17IA devices allows remote attackers to upload a firmware file and reset the printer without authentication by making a request to the /DOWN/FIRMWAREUPDATE/ROM1 URI and a POST request t...
CVE-2018-19232
The web service on Epson WorkForce WF-2861 10.48 LQ22I3Recovery-mode, WF-2861 10.51.LQ20I6, and WF-2861 10.52.LQ17IA devices allows remote attackers to cause a denial of service via a FIRMWAREUPDATE GET request, as demonstrated by the /DOWN/FIRMWAREUPDATE/ROM1 URI...
CVE-2018-18960
An issue was discovered on Epson WorkForce WF-2861 10.48 LQ22I3, 10.51.LQ20I6 and 10.52.LQ17IA devices. They use SNMP to find certain devices on the network, but the default version is v2c, allowing an amplification attack...
CVE-2018-18959
An issue was discovered on Epson WorkForce WF-2861 10.48 LQ22I3, 10.51.LQ20I6 and 10.52.LQ17IA devices. On the 'Air Print Setting' web page, if the data for 'Bonjour Service Location' at /PRESENTATION/BONJOUR is more than 251 bytes when sending data for Air Print Setting, then the device no longe...
CVE-2018-19232
The web service on Epson WorkForce WF-2861 10.48 LQ22I3Recovery-mode, WF-2861 10.51.LQ20I6, and WF-2861 10.52.LQ17IA devices allows remote attackers to cause a denial of service via a FIRMWAREUPDATE GET request, as demonstrated by the /DOWN/FIRMWAREUPDATE/ROM1 URI...
Design/Logic Flaw
An issue was discovered on Epson WorkForce WF-2861 10.48 LQ22I3, 10.51.LQ20I6 and 10.52.LQ17IA devices. On the 'Air Print Setting' web page, if the data for 'Bonjour Service Location' at /PRESENTATION/BONJOUR is more than 251 bytes when sending data for Air Print Setting, then the device no longe...
Design/Logic Flaw
An issue was discovered on Epson WorkForce WF-2861 10.48 LQ22I3, 10.51.LQ20I6 and 10.52.LQ17IA devices. They use SNMP to find certain devices on the network, but the default version is v2c, allowing an amplification attack...
CVE-2018-19232
The web service on Epson WorkForce WF-2861 10.48 LQ22I3Recovery-mode, WF-2861 10.51.LQ20I6, and WF-2861 10.52.LQ17IA devices allows remote attackers to cause a denial of service via a FIRMWAREUPDATE GET request, as demonstrated by the /DOWN/FIRMWAREUPDATE/ROM1 URI...
CVE-2018-18960
The CVE-2018-18960 entry affects Epson WorkForce WF-2861 devices (10.48 LQ22I3, 10.51.LQ20I6, 10.52.LQ17IA). The issue stems from using SNMP to discover devices on the network with the default v2c community, enabling an amplification attack. The connected Nessus plugin reiterates the amplificatio...
CVE-2018-18959
An issue was discovered on Epson WorkForce WF-2861 10.48 LQ22I3, 10.51.LQ20I6 and 10.52.LQ17IA devices. On the 'Air Print Setting' web page, if the data for 'Bonjour Service Location' at /PRESENTATION/BONJOUR is more than 251 bytes when sending data for Air Print Setting, then the device no longe...
CVE-2018-18959
The CVE-2018-18959 issue affects Epson WorkForce WF-2861 devices (10.48 LQ22I3, 10.51.LQ20I6, 10.52.LQ17IA). On the Air Print Setting page, if the data for Bonjour Service Location at /PRESENTATION/BONJOUR exceeds 251 bytes during data submission, the device becomes unusable until a reboot. This ...