Search criteria
3 vulnerabilities found for lp-s7100 by epson
VAR-201012-0350
Vulnerability from variot - Updated: 2025-04-11 22:50The Seiko Epson printer driver installers for LP-S9000 before 4.1.11 and LP-S7100 before 4.1.7, or as downloaded from the vendor between May 2010 and 20101125, set weak permissions for the "C:\Program Files" folder, which might allow local users to bypass intended access restrictions and create or modify arbitrary files and directories. As a result, users that do not have permission to access that folder can gain access to that folder. According to the developer, printer drivers that were included with the product or downloaded from the developer website from the initial release of May 2010 through November 25, 2010 are affected by this vulnerability. Also, users of Windows Vista and later operating systems are not affected. The Epson LP-S7100 / LP-S9000 is a family of high performance printers. There is a problem with the Epson LP-S7100 / LP-S9000 driver installation, allowing local users to increase privileges. Because the default permissions for \"C:\Program Files\" and its subdirectories are not set correctly (\"Everyone\" group is fully controlled), local users can exploit the vulnerability to overwrite any file in these folders, resulting in elevation of privilege. Local attackers can exploit this issue to gain elevated privileges on affected devices. The following driver versions are vulnerable: LP-S7100 4.1.0fi through 4.1.7fi and 4.1.0hi through 4.1.7hi LP-S9000 4.1.0fc through 4.1.11fc and 4.1.0hc through 4.1.11hc. ----------------------------------------------------------------------
Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM).
Request a free trial: http://secunia.com/products/corporate/vim/
TITLE: Epson LP-S7100 / LP-S9000 Drivers Insecure Default Permissions
SECUNIA ADVISORY ID: SA42540
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42540/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42540
RELEASE DATE: 2010-12-08
DISCUSS ADVISORY: http://secunia.com/advisories/42540/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/42540/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=42540
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: A security issue has been reported in Epson LP-S7100 / LP-S9000 drivers, which can be exploited by malicious, local users to gain escalated privileges.
The security issue is reported in the following versions: * LP-S7100 32bit edition versions 4.1.0fi through 4.1.7fi * LP-S7100 64bit edition versions 4.1.0hi through 4.1.7hi * LP-S9000 32bit edition versions 4.1.0fc through 4.1.11fc * LP-S9000 64bit edition versions 4.1.0hc through 4.1.11hc
SOLUTION: Update to a patched version and reset permissions. Please see the vendor's advisory for more details.
PROVIDED AND/OR DISCOVERED BY: Reported by the vendor.
ORIGINAL ADVISORY: http://www.epson.jp/support/misc/lps7100_9000/index.htm
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201012-0350",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "lp-s9000 driver 4.1.11",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": "*"
},
{
"model": "lp-s9000 driver 4.1.0",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": "*"
},
{
"model": "lp-s7100 driver 4.1.7",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": "*"
},
{
"model": "lp-s7100 driver 4.1.0",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": "*"
},
{
"model": "lp-s9000 4.1.0fc",
"scope": null,
"trust": 0.9,
"vendor": "epson",
"version": null
},
{
"model": "lp-s9000 4.1.0hc",
"scope": null,
"trust": 0.9,
"vendor": "epson",
"version": null
},
{
"model": "lp-s9000 4.1.11fc",
"scope": null,
"trust": 0.9,
"vendor": "epson",
"version": null
},
{
"model": "lp-s9000 4.1.11hc",
"scope": null,
"trust": 0.9,
"vendor": "epson",
"version": null
},
{
"model": "driver for lp-s7100",
"scope": "eq",
"trust": 0.8,
"vendor": "seiko epson",
"version": "prior to ver4.1.11 (32-bit and 64-bit)"
},
{
"model": "driver for lp-s9000",
"scope": "eq",
"trust": 0.8,
"vendor": "seiko epson",
"version": "prior to ver4.1.7 (32-bit and 64-bit)"
},
{
"model": "lp-s9000 4.1.0fi",
"scope": null,
"trust": 0.6,
"vendor": "epson",
"version": null
},
{
"model": "lp-s9000 4.1.0hi",
"scope": null,
"trust": 0.6,
"vendor": "epson",
"version": null
},
{
"model": "lp-s9000 4.1.7fi",
"scope": null,
"trust": 0.6,
"vendor": "epson",
"version": null
},
{
"model": "lp-s9000 4.1.7hi",
"scope": null,
"trust": 0.6,
"vendor": "epson",
"version": null
},
{
"model": "lp-s9000",
"scope": null,
"trust": 0.6,
"vendor": "epson",
"version": null
},
{
"model": "lp-s7100",
"scope": null,
"trust": 0.6,
"vendor": "epson",
"version": null
},
{
"model": "lp-s7100 4.1.7hi",
"scope": null,
"trust": 0.3,
"vendor": "epson",
"version": null
},
{
"model": "lp-s7100 4.1.7fi",
"scope": null,
"trust": 0.3,
"vendor": "epson",
"version": null
},
{
"model": "lp-s7100 4.1.0hi",
"scope": null,
"trust": 0.3,
"vendor": "epson",
"version": null
},
{
"model": "lp-s7100 4.1.0fi",
"scope": null,
"trust": 0.3,
"vendor": "epson",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-3107"
},
{
"db": "BID",
"id": "45258"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-000059"
},
{
"db": "CNNVD",
"id": "CNNVD-201012-100"
},
{
"db": "NVD",
"id": "CVE-2010-3920"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:epson:lp-s7100",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:epson:lp-s9000",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2010-000059"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.",
"sources": [
{
"db": "BID",
"id": "45258"
}
],
"trust": 0.3
},
"cve": "CVE-2010-3920",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CVE-2010-3920",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 2.1,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2010-000059",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2010-3920",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "IPA",
"id": "JVNDB-2010-000059",
"trust": 0.8,
"value": "Low"
},
{
"author": "CNNVD",
"id": "CNNVD-201012-100",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2010-000059"
},
{
"db": "CNNVD",
"id": "CNNVD-201012-100"
},
{
"db": "NVD",
"id": "CVE-2010-3920"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Seiko Epson printer driver installers for LP-S9000 before 4.1.11 and LP-S7100 before 4.1.7, or as downloaded from the vendor between May 2010 and 20101125, set weak permissions for the \"C:\\Program Files\" folder, which might allow local users to bypass intended access restrictions and create or modify arbitrary files and directories. As a result, users that do not have permission to access that folder can gain access to that folder. According to the developer, printer drivers that were included with the product or downloaded from the developer website from the initial release of May 2010 through November 25, 2010 are affected by this vulnerability. Also, users of Windows Vista and later operating systems are not affected. The Epson LP-S7100 / LP-S9000 is a family of high performance printers. There is a problem with the Epson LP-S7100 / LP-S9000 driver installation, allowing local users to increase privileges. Because the default permissions for \\\"C:\\\\Program Files\\\" and its subdirectories are not set correctly (\\\"Everyone\\\" group is fully controlled), local users can exploit the vulnerability to overwrite any file in these folders, resulting in elevation of privilege. \nLocal attackers can exploit this issue to gain elevated privileges on affected devices. \nThe following driver versions are vulnerable:\nLP-S7100 4.1.0fi through 4.1.7fi and 4.1.0hi through 4.1.7hi\nLP-S9000 4.1.0fc through 4.1.11fc and 4.1.0hc through 4.1.11hc. ----------------------------------------------------------------------\n\n\nSecure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). \n\nRequest a free trial: \nhttp://secunia.com/products/corporate/vim/\n\n\n----------------------------------------------------------------------\n\nTITLE:\nEpson LP-S7100 / LP-S9000 Drivers Insecure Default Permissions\n\nSECUNIA ADVISORY ID:\nSA42540\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/42540/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=42540\n\nRELEASE DATE:\n2010-12-08\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/42540/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/42540/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=42540\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA security issue has been reported in Epson LP-S7100 / LP-S9000\ndrivers, which can be exploited by malicious, local users to gain\nescalated privileges. \n\nThe security issue is reported in the following versions:\n* LP-S7100 32bit edition versions 4.1.0fi through 4.1.7fi\n* LP-S7100 64bit edition versions 4.1.0hi through 4.1.7hi\n* LP-S9000 32bit edition versions 4.1.0fc through 4.1.11fc\n* LP-S9000 64bit edition versions 4.1.0hc through 4.1.11hc\n\nSOLUTION:\nUpdate to a patched version and reset permissions. Please see the\nvendor\u0027s advisory for more details. \n\nPROVIDED AND/OR DISCOVERED BY:\nReported by the vendor. \n\nORIGINAL ADVISORY:\nhttp://www.epson.jp/support/misc/lps7100_9000/index.htm\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2010-3920"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-000059"
},
{
"db": "CNVD",
"id": "CNVD-2010-3107"
},
{
"db": "BID",
"id": "45258"
},
{
"db": "PACKETSTORM",
"id": "96501"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2010-3920",
"trust": 3.3
},
{
"db": "SECUNIA",
"id": "42540",
"trust": 3.1
},
{
"db": "JVN",
"id": "JVN62736872",
"trust": 2.4
},
{
"db": "JVNDB",
"id": "JVNDB-2010-000059",
"trust": 2.4
},
{
"db": "OSVDB",
"id": "69678",
"trust": 1.8
},
{
"db": "CNVD",
"id": "CNVD-2010-3107",
"trust": 0.6
},
{
"db": "JVN",
"id": "JVN#62736872",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201012-100",
"trust": 0.6
},
{
"db": "BID",
"id": "45258",
"trust": 0.3
},
{
"db": "PACKETSTORM",
"id": "96501",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-3107"
},
{
"db": "BID",
"id": "45258"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-000059"
},
{
"db": "PACKETSTORM",
"id": "96501"
},
{
"db": "CNNVD",
"id": "CNNVD-201012-100"
},
{
"db": "NVD",
"id": "CVE-2010-3920"
}
]
},
"id": "VAR-201012-0350",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-3107"
}
],
"trust": 1.2666667
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-3107"
}
]
},
"last_update_date": "2025-04-11T22:50:18.849000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "To the users of LP-S7100/LP-S9000",
"trust": 0.8,
"url": "http://www.epson.jp/support/misc/lps7100_9000/index.htm"
},
{
"title": "Epson LP-S7100 / LP-S9000 Unsafe Directory Permissions Elevation of Privilege Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/1998"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-3107"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-000059"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.0
},
{
"problemtype": "CWE-DesignError",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2010-000059"
},
{
"db": "NVD",
"id": "CVE-2010-3920"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "http://jvn.jp/en/jp/jvn62736872/index.html"
},
{
"trust": 2.4,
"url": "http://secunia.com/advisories/42540"
},
{
"trust": 2.0,
"url": "http://www.epson.jp/support/misc/lps7100_9000/index.htm"
},
{
"trust": 1.8,
"url": "http://osvdb.org/69678"
},
{
"trust": 1.6,
"url": "http://jvndb.jvn.jp/ja/contents/2010/jvndb-2010-000059.html"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3920"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-3920"
},
{
"trust": 0.7,
"url": "http://secunia.com/advisories/42540/"
},
{
"trust": 0.3,
"url": "http://www.epson.jp/products/offirio/printer/lps7100/"
},
{
"trust": 0.3,
"url": "http://www.epson.jp/products/offirio/printer/lps9000/"
},
{
"trust": 0.1,
"url": "http://secunia.com/products/corporate/evm/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/42540/#comments"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=42540"
},
{
"trust": 0.1,
"url": "http://secunia.com/products/corporate/vim/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-3107"
},
{
"db": "BID",
"id": "45258"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-000059"
},
{
"db": "PACKETSTORM",
"id": "96501"
},
{
"db": "CNNVD",
"id": "CNNVD-201012-100"
},
{
"db": "NVD",
"id": "CVE-2010-3920"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2010-3107"
},
{
"db": "BID",
"id": "45258"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-000059"
},
{
"db": "PACKETSTORM",
"id": "96501"
},
{
"db": "CNNVD",
"id": "CNNVD-201012-100"
},
{
"db": "NVD",
"id": "CVE-2010-3920"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2010-12-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2010-3107"
},
{
"date": "2010-12-08T00:00:00",
"db": "BID",
"id": "45258"
},
{
"date": "2010-12-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2010-000059"
},
{
"date": "2010-12-08T05:23:36",
"db": "PACKETSTORM",
"id": "96501"
},
{
"date": "2010-12-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201012-100"
},
{
"date": "2010-12-08T20:00:01.713000",
"db": "NVD",
"id": "CVE-2010-3920"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2010-12-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2010-3107"
},
{
"date": "2010-12-08T00:00:00",
"db": "BID",
"id": "45258"
},
{
"date": "2010-12-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2010-000059"
},
{
"date": "2010-12-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201012-100"
},
{
"date": "2025-04-11T00:51:21.963000",
"db": "NVD",
"id": "CVE-2010-3920"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "45258"
},
{
"db": "PACKETSTORM",
"id": "96501"
},
{
"db": "CNNVD",
"id": "CNNVD-201012-100"
}
],
"trust": 1.0
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Vulnerability in Epson printer driver installer where access permissions are changed",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2010-000059"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201012-100"
}
],
"trust": 0.6
}
}
VAR-202303-0412
Vulnerability from variot - Updated: 2025-02-11 23:02Cross-site scripting vulnerability in SEIKO EPSON printers/network interface Web Config allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script. [Note] Web Config is the software that allows users to check the status and change the settings of SEIKO EPSON printers/network interface via a web browser. According to SEIKO EPSON CORPORATION, it is also called as Remote Manager in some products. Web Config is pre-installed in some printers/network interface provided by SEIKO EPSON CORPORATION. For the details of the affected product names/model numbers, refer to the information provided by the vendor. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Yokohama National University Mayoya Noma Mr. Yuta Morii Mr. Hiroki Yasui Mr. Takayuki Sasaki Mr. Katsunari Yoshioka MrThe potential impact will vary for each vulnerability, but you may be affected by:・The number of users who accessed the setting screen of the product Web Arbitrary scripts are executed on the browser - CVE-2023-23572 ・If a user who is logged in to the product's setting screen accesses a specially crafted page, the product's settings are changed. - CVE-2023-27520
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202303-0412",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "lp-8200c",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "prifnw1s",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "lp-s8100",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "lp-s7100",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "prifnw3s",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "esnsb1",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "lp-s7500",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "lp-9200c",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "lp-s7500ps",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "lp-8700ps3",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "lp-s5300r",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "lp-s5500",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "lp-s5300",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "lp-s310n",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "lp-s3000ps",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "prifnw6",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "prifnw7u",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "esnsb2",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "lp-9600s",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "lp-s5000",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "lp-s4000",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "prifnw2s",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "lp-8500c",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "lp-9600",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "pa-w11g2",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "pa-w11g",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "lp-s3500",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "lp-9200ps3",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "lp-s6500",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "lp-s7000",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "prifnw1",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "lp-s4200",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "lp-s4500",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "lp-9300",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "prifnw2ac",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "prifnw7",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "lp-s9000",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "lp-9200ps2",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "prifnw2sac",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "lp-s3000z",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "lp-s3000",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "prifnw7s",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "esifnw1",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "lp-9800c",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "lp-s6000",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "prifnw2",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "lp-s300n",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "lp-s3000r",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "lp-9200b",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "prifnw3",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "web config",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30bb\u30a4\u30b3\u30fc\u30a8\u30d7\u30bd\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": "this product has been installed in some seiko epson printers network interface products. please check the information provided by the developer for the products that have been installed."
},
{
"model": "web config",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30bb\u30a4\u30b3\u30fc\u30a8\u30d7\u30bd\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "web config",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30bb\u30a4\u30b3\u30fc\u30a8\u30d7\u30bd\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": "according to the developer, in some products remote manager it is said that it is sometimes called."
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-000022"
},
{
"db": "NVD",
"id": "CVE-2023-23572"
}
]
},
"cve": "CVE-2023-23572",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "Single",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 3.5,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2023-000022",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 1.7,
"id": "CVE-2023-23572",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"trust": 2.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 4.8,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2023-000022",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "High",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2023-23572",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"id": "CVE-2023-23572",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "IPA",
"id": "JVNDB-2023-000022",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202304-913",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-000022"
},
{
"db": "CNNVD",
"id": "CNNVD-202304-913"
},
{
"db": "NVD",
"id": "CVE-2023-23572"
},
{
"db": "NVD",
"id": "CVE-2023-23572"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site scripting vulnerability in SEIKO EPSON printers/network interface Web Config allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script. [Note] Web Config is the software that allows users to check the status and change the settings of SEIKO EPSON printers/network interface via a web browser. According to SEIKO EPSON CORPORATION, it is also called as Remote Manager in some products. Web Config is pre-installed in some printers/network interface provided by SEIKO EPSON CORPORATION. For the details of the affected product names/model numbers, refer to the information provided by the vendor. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Yokohama National University Mayoya Noma Mr. Yuta Morii Mr. Hiroki Yasui Mr. Takayuki Sasaki Mr. Katsunari Yoshioka MrThe potential impact will vary for each vulnerability, but you may be affected by:\u30fbThe number of users who accessed the setting screen of the product Web Arbitrary scripts are executed on the browser - CVE-2023-23572 \u30fbIf a user who is logged in to the product\u0027s setting screen accesses a specially crafted page, the product\u0027s settings are changed. - CVE-2023-27520",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-23572"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-000022"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-23572",
"trust": 3.2
},
{
"db": "JVN",
"id": "JVN82424996",
"trust": 2.4
},
{
"db": "JVNDB",
"id": "JVNDB-2023-000022",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202304-913",
"trust": 0.6
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-000022"
},
{
"db": "CNNVD",
"id": "CNNVD-202304-913"
},
{
"db": "NVD",
"id": "CVE-2023-23572"
}
]
},
"id": "VAR-202303-0412",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.6666667
},
"last_update_date": "2025-02-11T23:02:18.811000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "of printers and network interface products Web\u00a0Config about vulnerabilities in",
"trust": 0.8,
"url": "https://www.epson.jp/support/misc_t/230308_oshirase.htm"
},
{
"title": "EPSON printer Fixes for cross-site request forgery vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=234196"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-000022"
},
{
"db": "CNNVD",
"id": "CNNVD-202304-913"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.0
},
{
"problemtype": "Cross-site scripting (CWE-79) [IPA evaluation ]",
"trust": 0.8
},
{
"problemtype": " Cross-site request forgery (CWE-352) [IPA evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-000022"
},
{
"db": "NVD",
"id": "CVE-2023-23572"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://jvn.jp/en/jp/jvn82424996/"
},
{
"trust": 1.6,
"url": "https://www.epson.jp/support/misc_t/230308_oshirase.htm"
},
{
"trust": 0.8,
"url": "https://jvn.jp/jp/jvn82424996/index.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-23572"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-27520"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2023-23572/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-000022"
},
{
"db": "CNNVD",
"id": "CNNVD-202304-913"
},
{
"db": "NVD",
"id": "CVE-2023-23572"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2023-000022"
},
{
"db": "CNNVD",
"id": "CNNVD-202304-913"
},
{
"db": "NVD",
"id": "CVE-2023-23572"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-03-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-000022"
},
{
"date": "2023-04-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202304-913"
},
{
"date": "2023-04-11T09:15:07.707000",
"db": "NVD",
"id": "CVE-2023-23572"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-06-03T08:34:00",
"db": "JVNDB",
"id": "JVNDB-2023-000022"
},
{
"date": "2023-04-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202304-913"
},
{
"date": "2025-02-11T16:15:31.730000",
"db": "NVD",
"id": "CVE-2023-23572"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202304-913"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Seiko Epson printers and network interface products \u00a0Web\u00a0Config\u00a0 Multiple vulnerabilities in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-000022"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "cross-site request forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202304-913"
}
],
"trust": 0.6
}
}
VAR-202303-0411
Vulnerability from variot - Updated: 2025-02-11 23:02Cross-site request forgery (CSRF) vulnerability in SEIKO EPSON printers/network interface Web Config allows a remote unauthenticated attacker to hijack the authentication and perform unintended operations by having a logged-in user view a malicious page. [Note] Web Config is the software that allows users to check the status and change the settings of SEIKO EPSON printers/network interface via a web browser. According to SEIKO EPSON CORPORATION, it is also called as Remote Manager in some products. Web Config is pre-installed in some printers/network interface provided by SEIKO EPSON CORPORATION. For the details of the affected product names/model numbers, refer to the information provided by the vendor. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Yokohama National University Mayoya Noma Mr. Yuta Morii Mr. Hiroki Yasui Mr. Takayuki Sasaki Mr. Katsunari Yoshioka MrThe potential impact will vary for each vulnerability, but you may be affected by:・The number of users who accessed the setting screen of the product Web Arbitrary scripts are executed on the browser - CVE-2023-23572 ・If a user who is logged in to the product's setting screen accesses a specially crafted page, the product's settings are changed. - CVE-2023-27520
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202303-0411",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "lp-s4200",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "sc-s70650",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "sc-s50650",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "lp-s9000",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "lp-8500c",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "px-7550",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "prifnw1s",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "prifnw6",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "px-5002",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "px-h10000",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "lp-s4000",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "sc-t3250",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "px-f8000m",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "sc-t7255",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "sc-f9350",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "pa-w11g",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "prifnw2sac",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "esifnw1",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "sc-px7v2",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "lp-s5500",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "px-7550s",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "lp-s8100",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "px-h7000",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "px-5v",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "lp-9600s",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "stylus pro gs6000",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "prifnw2s",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "sc-t3255",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "sc-f2150",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "tm-c3500",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "lp-9200ps2",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "sc-t5250d",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "sc-px5v2",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "px-9550s",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "px-5800",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "px-9550",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "lp-9300",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "px-h9000",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "sc-t7250d",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "prifnw2",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "lp-9200ps3",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "lp-9800c",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "sc-f7200",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "px-20000",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "prifnw7",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "px-7500n",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "sc-f6350",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "lp-s310n",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "tm-c7500",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "sc-f6000",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "lp-s300n",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "sc-s80650",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "sc-p20050",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "lp-s7000",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "tm-c3400",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "sc-t7050",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "lp-9200c",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "sc-f2000",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "lp-s6500",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "sc-p7050",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "lp-s7500ps",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "sc-t5255d",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "px-9500n",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "px-b510",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "sc-p5050",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "sc-s40650",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "px-h8000",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "sc-s80650l",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "lp-s3000ps",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "prifnw3",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "sc-px3v",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "prifnw1",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "px-6250s",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "px-6550",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "lp-9600",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "sc-t5050",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "sc-f9200",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "sc-f9450h",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "sc-p9050",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "lp-8200c",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "px-w8000",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "prifnw2ac",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "sc-p10050",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "sc-t5255",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "sc-f7100",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "sc-f6200",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "lp-s5300r",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "lp-s4500",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "lp-8700ps3",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "lp-s5000",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "px-h6000",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "sc-t3050",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "prifnw3s",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "sc-f9450",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "px-7v",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "prifnw7u",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "sc-t7255d",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "px-f8000",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "lp-s3500",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "lp-9200b",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "lp-s5300",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "px-f10000",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "lp-s7100",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "sc-p6050",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "pa-w11g2",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "sc-s60650",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "sc-p8050",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "px-b500",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "sc-t7250",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "lp-s3000",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "sc-s60650l",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "lp-s3000r",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "sc-s30650",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "prifnw7s",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "lp-s3000z",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "esnsb1",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "lp-s7500",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "esnsb2",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "sc-t5250",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "lp-s6000",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "web config",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30bb\u30a4\u30b3\u30fc\u30a8\u30d7\u30bd\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": "this product has been installed in some seiko epson printers network interface products. please check the information provided by the developer for the products that have been installed."
},
{
"model": "web config",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30bb\u30a4\u30b3\u30fc\u30a8\u30d7\u30bd\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "web config",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30bb\u30a4\u30b3\u30fc\u30a8\u30d7\u30bd\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": "according to the developer, in some products remote manager it is said that it is sometimes called."
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-000022"
},
{
"db": "NVD",
"id": "CVE-2023-27520"
}
]
},
"cve": "CVE-2023-27520",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": null,
"accessComplexity": "High",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 2.6,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2023-000022",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2023-27520",
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 4.3,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2023-000022",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2023-27520",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"id": "CVE-2023-27520",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202304-716",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-000022"
},
{
"db": "CNNVD",
"id": "CNNVD-202304-716"
},
{
"db": "NVD",
"id": "CVE-2023-27520"
},
{
"db": "NVD",
"id": "CVE-2023-27520"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site request forgery (CSRF) vulnerability in SEIKO EPSON printers/network interface Web Config allows a remote unauthenticated attacker to hijack the authentication and perform unintended operations by having a logged-in user view a malicious page. [Note] Web Config is the software that allows users to check the status and change the settings of SEIKO EPSON printers/network interface via a web browser. According to SEIKO EPSON CORPORATION, it is also called as Remote Manager in some products. Web Config is pre-installed in some printers/network interface provided by SEIKO EPSON CORPORATION. For the details of the affected product names/model numbers, refer to the information provided by the vendor. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Yokohama National University Mayoya Noma Mr. Yuta Morii Mr. Hiroki Yasui Mr. Takayuki Sasaki Mr. Katsunari Yoshioka MrThe potential impact will vary for each vulnerability, but you may be affected by:\u30fbThe number of users who accessed the setting screen of the product Web Arbitrary scripts are executed on the browser - CVE-2023-23572 \u30fbIf a user who is logged in to the product\u0027s setting screen accesses a specially crafted page, the product\u0027s settings are changed. - CVE-2023-27520",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-27520"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-000022"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-27520",
"trust": 3.2
},
{
"db": "JVN",
"id": "JVN82424996",
"trust": 2.4
},
{
"db": "JVNDB",
"id": "JVNDB-2023-000022",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202304-716",
"trust": 0.6
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-000022"
},
{
"db": "CNNVD",
"id": "CNNVD-202304-716"
},
{
"db": "NVD",
"id": "CVE-2023-27520"
}
]
},
"id": "VAR-202303-0411",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.54166668
},
"last_update_date": "2025-02-11T23:02:18.785000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "of printers and network interface products Web\u00a0Config about vulnerabilities in",
"trust": 0.8,
"url": "https://www.epson.jp/support/misc_t/230308_oshirase.htm"
},
{
"title": "EPSON printer Fixes for cross-site scripting vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=234167"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-000022"
},
{
"db": "CNNVD",
"id": "CNNVD-202304-716"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-352",
"trust": 1.0
},
{
"problemtype": "Cross-site scripting (CWE-79) [IPA evaluation ]",
"trust": 0.8
},
{
"problemtype": " Cross-site request forgery (CWE-352) [IPA evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-000022"
},
{
"db": "NVD",
"id": "CVE-2023-27520"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://jvn.jp/en/jp/jvn82424996/"
},
{
"trust": 1.6,
"url": "https://www.epson.jp/support/misc_t/230308_oshirase.htm"
},
{
"trust": 0.8,
"url": "https://jvn.jp/jp/jvn82424996/index.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-23572"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-27520"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2023-27520/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-000022"
},
{
"db": "CNNVD",
"id": "CNNVD-202304-716"
},
{
"db": "NVD",
"id": "CVE-2023-27520"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2023-000022"
},
{
"db": "CNNVD",
"id": "CNNVD-202304-716"
},
{
"db": "NVD",
"id": "CVE-2023-27520"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-03-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-000022"
},
{
"date": "2023-04-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202304-716"
},
{
"date": "2023-04-11T09:15:08.157000",
"db": "NVD",
"id": "CVE-2023-27520"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-06-03T08:34:00",
"db": "JVNDB",
"id": "JVNDB-2023-000022"
},
{
"date": "2023-04-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202304-716"
},
{
"date": "2025-02-10T22:15:31.220000",
"db": "NVD",
"id": "CVE-2023-27520"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202304-716"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Seiko Epson printers and network interface products \u00a0Web\u00a0Config\u00a0 Multiple vulnerabilities in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-000022"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202304-716"
}
],
"trust": 0.6
}
}