CVE-2023-27520

MEDIUM | CVSS 6.5/10 | EPSS 0.32%

CVE-2023-27520 is a medium-severity vulnerability rated 6.5/10 on the CVSS scale. Cross-site request forgery (CSRF) vulnerability in SEIKO EPSON printers/network interface Web Config allows a remote unauthenticated attacker to hijack the authentication and perform unintended operations by having a logged-in user view a malicious page. [Note] Web Config is the software that allows users to check the status and change the settings of SEIKO EPSON printers/network interfaces via a web browser. EPSS estimates a 0.32% chance of exploitation in the next 30 days.

Description

Cross-site request forgery (CSRF) vulnerability in SEIKO EPSON printers/network interface Web Config allows a remote unauthenticated attacker to hijack the authentication and perform unintended operations by having a logged-in user view a malicious page. [Note] Web Config is the software that allows users to check the status and change the settings of SEIKO EPSON printers/network interfaces via a web browser. According to SEIKO EPSON CORPORATION, it is also called Remote Manager in some products. Web Config is pre-installed in some printers/network interfaces provided by SEIKO EPSON CORPORATION. For details of the affected product names/model numbers, refer to the information provided by the vendor.

Metrics

CVSS 3.1
6.5/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

EPSS Probability
0.32%

23.4th percentile

Probability of exploitation in the next 30 days.

Weakness Enumeration

Affected Software

Vendor | Product | Versions
Epson | Lp-9200ps2 Firmware | All versions
Epson | Lp-9200ps3 Firmware | All versions
Epson | Lp-8200c Firmware | All versions
Epson | Lp-9600 Firmware | All versions
Epson | Lp-9600s Firmware | All versions
Epson | Lp-9300 Firmware | All versions
Epson | Lp-8500c Firmware | All versions
Epson | Lp-8700ps3 Firmware | All versions
Epson | Lp-9800c Firmware | All versions
Epson | Lp-S5500 Firmware | All versions
Epson | Lp-9200b Firmware | All versions
Epson | Lp-9200c Firmware | All versions
Epson | Lp-S4500 Firmware | All versions
Epson | Lp-S6500 Firmware | All versions
Epson | Lp-S7000 Firmware | All versions
Epson | Lp-S5000 Firmware | All versions
Epson | Lp-S4000 Firmware | All versions
Epson | Lp-S6000 Firmware | All versions
Epson | Lp-S5300 Firmware | All versions
Epson | Lp-S5300r Firmware | All versions
Epson | Lp-S300n Firmware | All versions
Epson | Lp-S310n Firmware | All versions
Epson | Lp-S3000 Firmware | All versions
Epson | Lp-S3000r Firmware | All versions
Epson | Lp-S3000z Firmware | All versions
Epson | Lp-S3000ps Firmware | All versions
Epson | Lp-S7500 Firmware | All versions
Epson | Lp-S7500ps Firmware | All versions
Epson | Lp-S3500 Firmware | All versions
Epson | Lp-S4200 Firmware | All versions
Epson | Lp-S9000 Firmware | All versions
Epson | Lp-S7100 Firmware | All versions
Epson | Lp-S8100 Firmware | All versions
Epson | Prifnw1 Firmware | All versions
Epson | Prifnw1s Firmware | All versions
Epson | Prifnw2 Firmware | All versions
Epson | Prifnw2ac Firmware | All versions
Epson | Prifnw2s Firmware | All versions
Epson | Prifnw2sac Firmware | All versions
Epson | Prifnw3 Firmware | All versions
Epson | Prifnw3s Firmware | All versions
Epson | Prifnw6 Firmware | All versions
Epson | Prifnw7 Firmware | All versions
Epson | Prifnw7u Firmware | All versions
Epson | Prifnw7s Firmware | All versions
Epson | Pa-W11g Firmware | All versions
Epson | Pa-W11g2 Firmware | All versions
Epson | Esnsb1 Firmware | All versions
Epson | Esnsb2 Firmware | All versions
Epson | Esifnw1 Firmware | All versions

Showing 50 of 120 affected configurations. See NVD for the full list.

References

Timeline

Status: Modified

Frequently Asked Questions

What is CVE-2023-27520?
Cross-site request forgery (CSRF) vulnerability in SEIKO EPSON printers/network interface Web Config allows a remote unauthenticated attacker to hijack the authentication and perform unintended operations by having a logged-in user view a malicious page. [Note] Web Config is the software that allows users to check the status and change the settings of SEIKO EPSON printers/network interfaces via a web browser. According to SEIKO EPSON CORPORATION, it is also called Remote Manager in some products. Web Config is pre-installed in some printers/network interfaces provided by SEIKO EPSON CORPORATION. For details of the affected product names/model numbers, refer to the information provided by the vendor.
How severe is CVE-2023-27520?
CVE-2023-27520 has a CVSS score of 6.5/10 (MEDIUM severity). The EPSS model estimates a 0.32% probability of exploitation in the next 30 days.
How do I fix CVE-2023-27520?
Check the vendor references and advisories linked above for patched versions and mitigation guidance.

Source: NVD / NIST