FKIE_CVE-2026-23767
Vulnerability from fkie_nvd - Published: 2026-03-05 06:16 - Updated: 2026-03-09 18:42
Severity ?
Summary
ESC/POS, a printer control language designed by Seiko Epson Corporation, lacks mechanisms for user authentication and command authorization, does not provide controls to restrict sources or destinations of network communication, and transmits commands without encryption or integrity protection.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:epson:sb-h50_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "23F0B53B-3A3F-46A7-8951-C61F2D09F342",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:epson:sb-h50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FBFA8123-CD32-4A46-BC55-7EE44872EEC2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:epson:tm-h6000v_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1D53274A-446F-45BE-B580-1597BF46ABEC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:epson:tm-h6000v:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7CA19657-F5D5-4635-8CEB-2A3C09DF8EE5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:epson:tm-l100_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A88AEA71-C821-4C50-B7CD-47F47453B36A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:epson:tm-l100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9D71D846-6A55-4CDC-9FFA-C5129BB1A385",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:epson:tm-m10_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "62646F66-DD76-4FA2-893A-74F9079083DB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:epson:tm-m10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "05CEE9CC-F67D-48B2-8E91-08EA747FE47B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:epson:tm-m30_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "37ECA6F4-E93C-42E6-8941-A2F07B614F22",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:epson:tm-m30:-:*:*:*:*:*:*:*",
"matchCriteriaId": "205C289A-A2DC-4DC4-AC3F-6165C5D94D45",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:epson:tm-m30ii_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "370C10EF-DE91-454D-9D8C-D589C6105C87",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:epson:tm-m30ii:-:*:*:*:*:*:*:*",
"matchCriteriaId": "320088E4-B208-4E9B-9ABA-47528F6A44CF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:epson:tm-m30ii-h_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A1121F6D-D3D8-4FC9-8995-EDFE1991BB64",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:epson:tm-m30ii-h:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C0F46E30-A440-4265-97DC-15D1732B6FC1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:epson:tm-m30ii-s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C7228870-2AC6-4FC0-A408-FDBEF16096C5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:epson:tm-m30ii-s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EEE5A17D-6ABA-4FCC-8334-D581C3C09FD9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:epson:tm-m30ii-sl_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "368C3E42-9D95-44D8-BF8D-A5478492BDE0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:epson:tm-m30ii-sl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C4E2CF96-A539-44A1-93BA-A89A862BE006",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:epson:tm-m30iii_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E1E48520-A2B7-43E5-8F32-072A8F048A94",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:epson:tm-m30iii:-:*:*:*:*:*:*:*",
"matchCriteriaId": "49BB0499-CE37-4D6F-A583-6AB3029C47EE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:epson:tm-m30iii-h_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E697846E-9913-41ED-BEEE-D7D073CE07F3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:epson:tm-m30iii-h:-:*:*:*:*:*:*:*",
"matchCriteriaId": "348E837C-68C0-4D41-BF6B-B104ED03C2FA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:epson:tm-m55_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1808278B-BA08-4347-98F3-AB7555BF1112",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:epson:tm-m55:-:*:*:*:*:*:*:*",
"matchCriteriaId": "08BFC04A-B8B5-49B6-97EB-03BCD723B8A2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:epson:tm-p20ii_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1140CA18-39F2-41FB-B7C1-933E54D8E7F6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:epson:tm-p20ii:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1C7C48A0-D762-4732-AE44-AA0F86BA1FE9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:epson:tm-p80ii_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7418A243-69DB-47D1-9162-3E1139A5C21B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:epson:tm-p80ii:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AD7449DE-00FD-43F5-BB35-B940585DE35A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:epson:tm-p20_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9B30904D-0F77-43A1-86F2-928B4F3ECBF7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:epson:tm-p20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B44CA7A4-0A2D-406C-BD41-A24C79A87761",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:epson:tm-p60ii_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "48967203-6F16-4B19-87EB-B5E2915947E2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:epson:tm-p60ii:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3D889AB9-BDA2-405A-BB60-58031FF9DFC3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:epson:tm-p80_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A95677C8-867A-419A-ABCB-BBE6FEB3881A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:epson:tm-p80:-:*:*:*:*:*:*:*",
"matchCriteriaId": "376111B4-A9F3-4099-9BB4-627B9BFBD295",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:epson:tm-t20ii_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BE22522A-F08D-4254-B5B2-DDBBE696AFEA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:epson:tm-t20ii:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9E59284A-62CB-49D5-A763-4133FD5D1C97",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:epson:tm-t20iii_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "983E9338-9C6B-4314-8113-A6551E0E9408",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:epson:tm-t20iii:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A977B494-6192-4FD3-B871-C2371D4C2310",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:epson:tm-t88vi_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2CA6E6AD-F390-41F2-9D66-98D1BF99BBB2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:epson:tm-t88vi:-:*:*:*:*:*:*:*",
"matchCriteriaId": "056C570E-B0A3-4A22-9939-906CBE841025",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:epson:tm-t88vi-ihub_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F79FD491-7D10-42A2-98FC-63764BD815D1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:epson:tm-t88vi-ihub:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8A90AC6B-B574-4DC6-B746-96F88C3F26B7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:epson:tm-t88vii_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "397881F3-431C-495B-9D46-08DDBE5C4248",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:epson:tm-t88vii:-:*:*:*:*:*:*:*",
"matchCriteriaId": "62FFDE00-753F-4DD9-8590-FED4F8A911AA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:epson:ub-r04_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9E19517F-0ACF-4BD6-B907-A625E4A0ED78",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:epson:ub-r04:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0521E96D-043E-4AB8-A5CA-973CF6D17D8A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:epson:ub-e04_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "00876971-8F74-4681-8BB6-E33DE5C3C688",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:epson:ub-e04:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9628B2AC-C871-4B59-8572-F6142DD24A42",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ESC/POS, a printer control language designed by Seiko Epson Corporation, lacks mechanisms for user authentication and command authorization, does not provide controls to restrict sources or destinations of network communication, and transmits commands without encryption or integrity protection."
},
{
"lang": "es",
"value": "ESC/POS, un lenguaje de control de impresora dise\u00f1ado por Seiko Epson Corporation, carece de mecanismos para la autenticaci\u00f3n de usuarios y la autorizaci\u00f3n de comandos, no proporciona controles para restringir las fuentes o destinos de la comunicaci\u00f3n de red, y transmite comandos sin cifrado o protecci\u00f3n de integridad."
}
],
"id": "CVE-2026-23767",
"lastModified": "2026-03-09T18:42:01.070",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2026-03-05T06:16:22.227",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Product"
],
"url": "https://download4.epson.biz/sec_pubs/bs/pdf/IP_Filtering_Guide_en_revA.pdf"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/ta/JVNTA97995322/"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://www.epson.jp/support/misc_t/260305_oshirase.htm"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-306"
}
],
"source": "vultures@jpcert.or.jp",
"type": "Secondary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…