{"id":58547,"date":"2024-07-30T18:41:19","date_gmt":"2024-07-30T15:41:19","guid":{"rendered":"https:\/\/packetstormsecurity.com\/files\/179809\/epsonexpressionxp255-xsrf.txt"},"modified":"2024-07-30T18:41:19","modified_gmt":"2024-07-30T15:41:19","slug":"epson-expression-home-xp255-20-08-fm10i8-cross-site-request-forgery","status":"publish","type":"post","link":"https:\/\/afaghhosting.net\/blog\/epson-expression-home-xp255-20-08-fm10i8-cross-site-request-forgery\/","title":{"rendered":"Epson Expression Home XP255 20.08.FM10I8 Cross Site Request Forgery"},"content":{"rendered":"[Suggested description]An issue was discovered on Epson Expression Home XP255 20.08.FM10I8 devices.
POST requests don’t require (anti-)CSRF tokens or other
mechanisms for validating that the request is from a legitimate
source.
In addition, CSRF attacks can be used to send text directly to the RAW
printer interface. For example, an attack could deliver a worrisome printout to an end user.<\/p>\n

——————————————<\/p>\n[Vulnerability Type]Cross Site Request Forgery (CSRF)<\/p>\n

——————————————<\/p>\n[Vendor of Product]Epson<\/p>\n

——————————————<\/p>\n[Affected Product Code Base]Expression Home XP255 – 20.08.FM10I8<\/p>\n

——————————————<\/p>\n[Affected Component]Web admin panel, RAW printing protocol<\/p>\n

——————————————<\/p>\n[Attack Type]Remote<\/p>\n

——————————————<\/p>\n[Impact Escalation of Privileges]true<\/p>\n

——————————————<\/p>\n[Attack Vectors]Using a CSRF attack, the web admin panel is attacked.<\/p>\n

——————————————<\/p>\n[Has vendor confirmed or acknowledged the vulnerability?]true<\/p>\n

——————————————<\/p>\n[Discoverer]Konrad Leszczynski, intern at Qbit in collaboration with the Dutch consumer organisation.<\/p>\n

——————————————<\/p>\n[Reference]https:\/\/epson.com\/Support\/sl\/s<\/p>\n

Use CVE-2019-20460.<\/p>\n","protected":false},"excerpt":{"rendered":"

[Suggested description]An issue was discovered on Epson Expression Home XP255 20.08.FM10I8 devices.POST requests don’t require (anti-)CSRF tokens or othermechanisms for validating that the request is from a legitimatesource.In addition, CSRF attacks can be used to send text directly to the RAWprinter interface. For example, an attack could deliver a worrisome printout to an end user. …<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-58547","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/58547","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=58547"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/58547\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=58547"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=58547"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=58547"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}