CVE-2018-19248

N/A

Descricao

The web service on Epson WorkForce WF-2861 10.48 LQ22I3(Recovery-mode), WF-2861 10.51.LQ20I6, and WF-2861 10.52.LQ17IA devices allows remote attackers to upload a firmware file and reset the printer without authentication by making a request to the /DOWN/FIRMWAREUPDATE/ROM1 URI and a POST request to the /FIRMWAREUPDATE URI.

Detalhes CVE

Pontuacao CVSS v3.1N/A

Publicado12/24/2018

Ultima modificacao11/21/2024

Fontenvd

Avistamentos honeypot0

Produtos afetados

epson:epson_workforce_wf-2861epson:epson_workforce_wf-2861_firmware

Fraquezas (CWE)

CWE-306

Referencias

https://github.com/epistemophilia/CVEs/blob/master/Epson-WorkForce-WF2861/CVE-2018-19248/poc-cve-2018-19248.py(cve@mitre.org)

https://github.com/epistemophilia/CVEs/blob/master/Epson-WorkForce-WF2861/CVE-2018-19248/poc-cve-2018-19248.py(af854a3a-2127-422b-91ae-364da2661108)

Correlacoes IOC

Sem correlacoes registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.