CVE-2023-3697

CVE-2023-3697 affects ASUSTOR ADM printers: the printer service fails to properly validate user input, enabling remote unauthorized users to traverse directories and create files beyond the intended path. Affected products/versions include ADM 4.0.6.RIS1, 4.1.0 and earlier, and ADM 4.2.2.RI61 and...

CVE-2023-3697 A Command injection vulnerability was found on Printer service of ADM

Printer service fails to adequately handle user input, allowing an remote unauthorized users to navigate beyond the intended directory structure and create files. Affected products and versions include: ADM 4.0.6.RIS1, 4.1.0 and below as well as ADM 4.2.2.RI61 and below...

CVE-2023-2910 A Command injection vulnerability was found on Printer service of ADM

Improper neutralization of special elements used in a command 'Command Injection' vulnerability in Printer service functionality in ASUSTOR Data Master ADM allows remote unauthorized users to execute arbitrary commands via unspecified vectors. Affected products and versions include: ADM 4.0.6.RIS...

CVE-2023-2910

CVE-2023-2910 affects ASUSTOR Data Master (ADM) Printer service. The root cause is improper neutralization of special elements used in a command (command injection) which enables remote, unauthenticated abuse to execute arbitrary commands. Affected ADM versions include 4.0.6.RIS1, 4.1.0 and below...

CVE-2023-2910 A Command injection vulnerability was found on Printer service of ADM

Improper neutralization of special elements used in a command 'Command Injection' vulnerability in Printer service functionality in ASUSTOR Data Master ADM allows remote unauthorized users to execute arbitrary commands via unspecified vectors. Affected products and versions include: ADM 4.0.6.RIS...

ASUSTOR Data Master 路径遍历漏洞

ASUSTOR Data Master is an operating system exclusively on the ASUSTOR NAS from China's ASUS, featuring a tablet-like graphical interface comparable to a zero-learning curve, making it a snap to use. A security vulnerability exists in ASUSTOR Data Master that stems from the Printer service allowin...

ASUSTOR Data Master 命令注入漏洞

ASUSTOR Data Master is a specialized operating system on ASUSTOR NAS from ASUS, China. ASUSTOR Data Master suffers from a command injection vulnerability that stems from the Printer service feature failing to properly filter constructed command special characters, commands, etc. The vulnerability...

ASUSTOR Data Master 路径遍历漏洞

ASUSTOR Data Master is a specialized operating system on ASUSTOR NAS from ASUS, China. An input validation error vulnerability exists in ASUSTOR Data Master, which stems from the Printer service's inability to adequately process user input, and can be exploited by an attacker to navigate to anoth...

PT-2023-7627 · Asustor · Asustor Data Master

Name of the Vulnerable Software and Affected Versions: ASUSTOR Data Master ADM versions 4.0.6.RIS1 through 4.1.0 ASUSTOR Data Master ADM versions 4.2.2.RI61 and below Description: The issue is related to improper neutralization of special elements used in a command, allowing remote unauthorized...

Privilege escalation

Certain HP and Samsung Printer software packages may potentially be vulnerable to elevation of privilege due to Uncontrolled Search Path Element...

CVE-2022-4894

Certain HP and Samsung Printer software packages may potentially be vulnerable to elevation of privilege due to Uncontrolled Search Path Element...

CVE-2022-4894

CVE-2022-4894 affects certain HP and Samsung Printer software packages, enabling elevation of privilege via Uncontrolled Search Path Element. The root cause is improper handling of search paths in printer software, allowing a local attacker with low privileges and user interaction to escalate rig...

PT-2023-15905 · Hewlett Packard +1 · Hp Sprinter +1

Name of the Vulnerable Software and Affected Versions: HP Printer software affected versions not specified Samsung Printer software affected versions not specified Description: The issue is related to an elevation of privilege due to an Uncontrolled Search Path Element in certain HP and Samsung...

HP Printer Software Elevation of Privilege (HPSBPI03857)

Certain HP and Samsung Printer software packages may potentially be vulnerable to elevation of privilege due to Uncontrolled Search Path Element. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. %NASLMINLEVEL 80900 C...

CVE-2023-38556

Improper input validation vulnerability in SEIKO EPSON printer Web Config allows a remote attacker to turned off the printer. Note Web Config is the software that allows users to check the status and change the settings of SEIKO EPSON printers via a web browser. Web Config is pre-installed in som...

Input validation

Improper input validation vulnerability in SEIKO EPSON printer Web Config allows a remote attacker to turned off the printer. Note Web Config is the software that allows users to check the status and change the settings of SEIKO EPSON printers via a web browser. Web Config is pre-installed in som...

CVE-2023-38556

Improper input validation vulnerability in SEIKO EPSON printer Web Config allows a remote attacker to turned off the printer. Note Web Config is the software that allows users to check the status and change the settings of SEIKO EPSON printers via a web browser. Web Config is pre-installed in som...

CVE-2023-38556

Improper input validation vulnerability in SEIKO EPSON printer Web Config allows a remote attacker to turned off the printer. Note Web Config is the software that allows users to check the status and change the settings of SEIKO EPSON printers via a web browser. Web Config is pre-installed in som...

CVE-2023-38556

CVE-2023-38556 affects SEIKO EPSON printer Web Config, which has an improper input validation flaw (CWE-20). This allows a remote attacker to turn off the printer via network access without user interaction. The vulnerability impacts SEIKO EPSON Web Config pre-installed on affected printers and r...

SEIKO EPSON printer Web Config vulnerable to denial-of-service (DoS)

Overview SEIKO EPSON printer Web Config contains a denial-of-service DoS vulnerability due to improper input validation CWE-20. SEIKO EPSON CORPORATION reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and SEIKO EPSON CORPORATION coordinated under the...