Skip to main content

Lp 9200Ps2 Firmware CVE-2023-27520

MEDIUM
Cross-Site Request Forgery (CSRF) (CWE-352)
2023-04-11 vultures@jpcert.or.jp
CSRF Lp 9200Ps2 Firmware Lp 9200Ps3 Firmware Lp 8200C Firmware Lp 9600 Firmware Lp 9600S Firmware Lp 9300 Firmware Lp 8500C Firmware Lp 8700Ps3 Firmware Lp 9800C Firmware Lp S5500 Firmware Lp 9200B Firmware Lp 9200C Firmware Lp S4500 Firmware Lp S6500 Firmware Lp S7000 Firmware Lp S5000 Firmware Lp S4000 Firmware Lp S6000 Firmware Lp S5300 Firmware Lp S5300R Firmware Lp S300N Firmware Lp S310N Firmware Lp S3000 Firmware Lp S3000R Firmware Lp S3000Z Firmware Lp S3000Ps Firmware Lp S7500 Firmware Lp S7500Ps Firmware Lp S3500 Firmware Lp S4200 Firmware Lp S9000 Firmware Lp S7100 Firmware Lp S8100 Firmware Prifnw1 Firmware Prifnw1S Firmware Prifnw2 Firmware Prifnw2Ac Firmware Prifnw2S Firmware Prifnw2Sac Firmware Prifnw3 Firmware Prifnw3S Firmware Prifnw6 Firmware Prifnw7 Firmware Prifnw7U Firmware Prifnw7S Firmware Pa W11G Firmware Pa W11G2 Firmware Esnsb1 Firmware Esnsb2 Firmware Esifnw1 Firmware Sc T3250 Firmware Sc T3255 Firmware Sc T5250 Firmware Sc T5255 Firmware Sc T7250 Firmware Sc T7255 Firmware Sc T5250D Firmware Sc T5255D Firmware Sc T7250D Firmware Sc T7255D Firmware Sc P5050 Firmware Sc P7050 Firmware Sc P9050 Firmware Sc P6050 Firmware Sc P8050 Firmware Sc P20050 Firmware Sc S80650 Firmware Sc S60650 Firmware Sc S40650 Firmware Sc S60650L Firmware Sc S80650L Firmware Sc F7200 Firmware Sc F6350 Firmware Sc F9450 Firmware Sc F9450H Firmware Sc F2150 Firmware Tm C7500 Firmware Tm C3500 Firmware Tm C3400 Firmware Px B510 Firmware Px B500 Firmware Px 5800 Firmware Px 5002 Firmware Px 5V Firmware Px 7V Firmware Sc Px7V2 Firmware Sc Px5V2 Firmware Sc Px3V Firmware Px 6250S Firmware Px 6550 Firmware Px 7500N Firmware Px 7550 Firmware Px 7550S Firmware Px 9500N Firmware Px 9550 Firmware Px 9550S Firmware Px 20000 Firmware Stylus Pro Gs6000 Firmware Px W8000 Firmware Px F8000 Firmware Px F8000M Firmware Px F10000 Firmware Px H6000 Firmware Px H7000 Firmware Px H8000 Firmware Px H9000 Firmware Px H10000 Firmware Sc T3050 Firmware Sc T5050 Firmware Sc T7050 Firmware Sc P10050 Firmware Sc S30650 Firmware Sc S50650 Firmware Sc S70650 Firmware Sc F6000 Firmware Sc F7100 Firmware Sc F6200 Firmware Sc F9200 Firmware Sc F9350 Firmware Sc F2000 Firmware
6.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
None

Lifecycle Timeline

1
CVE Published
Apr 11, 2023 - 09:15 nvd
MEDIUM 6.5

DescriptionNVD

Cross-site request forgery (CSRF) vulnerability in SEIKO EPSON printers/network interface Web Config allows a remote unauthenticated attacker to hijack the authentication and perform unintended operations by having a logged-in user view a malicious page. [Note] Web Config is the software that allows users to check the status and change the settings of SEIKO EPSON printers/network interface via a web browser. According to SEIKO EPSON CORPORATION, it is also called as Remote Manager in some products. Web Config is pre-installed in some printers/network interface provided by SEIKO EPSON CORPORATION. For the details of the affected product names/model numbers, refer to the information provided by the vendor.

AnalysisAI

Cross-site request forgery (CSRF) vulnerability in SEIKO EPSON printers/network interface Web Config allows a remote unauthenticated attacker to hijack the authentication and perform unintended. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Cross-Site Request Forgery (CSRF) (CWE-352), which allows attackers to trick authenticated users into performing unintended actions. Cross-site request forgery (CSRF) vulnerability in SEIKO EPSON printers/network interface Web Config allows a remote unauthenticated attacker to hijack the authentication and perform unintended operations by having a logged-in user view a malicious page. [Note] Web Config is the software that allows users to check the status and change the settings of SEIKO EPSON printers/network interface via a web browser. According to SEIKO EPSON CORPORATION, it is also called as Remote Manager in some products. Web Config is pre-installed in some printers/network interface provided by SEIKO EPSON CORPORATION. For the details of the affected product names/model numbers, refer to the information provided by the vendor. Affected products include: Epson Lp-9200Ps2 Firmware, Epson Lp-9200Ps3 Firmware, Epson Lp-8200C Firmware, Epson Lp-9600 Firmware, Epson Lp-9600S Firmware.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Implement anti-CSRF tokens, validate Origin/Referer headers, use SameSite cookie attribute.

Share

CVE-2023-27520 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy