CVE-2018-19248

N/A

Descripcion

The web service on Epson WorkForce WF-2861 10.48 LQ22I3(Recovery-mode), WF-2861 10.51.LQ20I6, and WF-2861 10.52.LQ17IA devices allows remote attackers to upload a firmware file and reset the printer without authentication by making a request to the /DOWN/FIRMWAREUPDATE/ROM1 URI and a POST request to the /FIRMWAREUPDATE URI.

Detalles CVE

Puntuacion CVSS v3.1N/A

Publicado12/24/2018

Ultima modificacion11/21/2024

Fuentenvd

Avistamientos honeypot0

Productos afectados

epson:epson_workforce_wf-2861epson:epson_workforce_wf-2861_firmware

Debilidades (CWE)

CWE-306

Referencias

https://github.com/epistemophilia/CVEs/blob/master/Epson-WorkForce-WF2861/CVE-2018-19248/poc-cve-2018-19248.py(cve@mitre.org)

https://github.com/epistemophilia/CVEs/blob/master/Epson-WorkForce-WF2861/CVE-2018-19248/poc-cve-2018-19248.py(af854a3a-2127-422b-91ae-364da2661108)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.