CVE-2018-19248

N/A

Description

The web service on Epson WorkForce WF-2861 10.48 LQ22I3(Recovery-mode), WF-2861 10.51.LQ20I6, and WF-2861 10.52.LQ17IA devices allows remote attackers to upload a firmware file and reset the printer without authentication by making a request to the /DOWN/FIRMWAREUPDATE/ROM1 URI and a POST request to the /FIRMWAREUPDATE URI.

CVE Details

CVSS v3.1 ScoreN/A

Published12/24/2018

Last Modified11/21/2024

Sourcenvd

Honeypot Sightings0

Affected Products

epson:epson_workforce_wf-2861epson:epson_workforce_wf-2861_firmware

Weaknesses (CWE)

CWE-306

References

https://github.com/epistemophilia/CVEs/blob/master/Epson-WorkForce-WF2861/CVE-2018-19248/poc-cve-2018-19248.py(cve@mitre.org)

https://github.com/epistemophilia/CVEs/blob/master/Epson-WorkForce-WF2861/CVE-2018-19248/poc-cve-2018-19248.py(af854a3a-2127-422b-91ae-364da2661108)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.