Cross-Site Request Forgery Vulnerability in Epson Expression Home Printers
CVE-2019-20460

8.8HIGH

Key Information:

Vendor

Epson

Vendor
CVE Published:
7 November 2024

What is CVE-2019-20460?

Epson Expression Home XP255 printers have a security flaw that allows attackers to exploit the lack of anti-CSRF tokens in POST requests. This vulnerability makes it possible for unauthorized actors to initiate actions directly to the printer, potentially resulting in unauthorized print jobs. Attackers can send malicious content, leading to puzzling or alarming user experiences as unauthorized printouts are delivered. Ensuring proper security measures are in place is critical for preventing such vulnerabilities in IoT devices.

References

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.