Vulnerability Description
A cross-site request forgery (CSRF) vulnerability in Web Config for SEIKO EPSON printers/network interfaces allows a remote unauthenticated attacker to hijack the authentication and perform unintended operations by having a logged-in user view a malicious page.
[Note] Web Config is the software that allows users to check the status and change the settings of SEIKO EPSON printers/network interfaces via a web browser. According to SEIKO EPSON CORPORATION, it is also called Remote Manager in some products. Web Config is pre-installed in some printers/network interfaces provided by SEIKO EPSON CORPORATION. For details of the affected product names/model numbers, refer to the information provided by the vendor.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Epson | Lp-9200Ps2 Firmware | - |
| Epson | Lp-9200Ps2 | - |
| Epson | Lp-9200Ps3 Firmware | - |
| Epson | Lp-9200Ps3 | - |
| Epson | Lp-8200C Firmware | - |
| Epson | Lp-8200C | - |
| Epson | Lp-9600 Firmware | - |
| Epson | Lp-9600 | - |
| Epson | Lp-9600S Firmware | - |
| Epson | Lp-9600S | - |
| Epson | Lp-9300 Firmware | - |
| Epson | Lp-9300 | - |
| Epson | Lp-8500C Firmware | - |
| Epson | Lp-8500C | - |
| Epson | Lp-8700Ps3 Firmware | - |
| Epson | Lp-8700Ps3 | - |
| Epson | Lp-9800C Firmware | - |
| Epson | Lp-9800C | - |
| Epson | Lp-S5500 Firmware | - |
| Epson | Lp-S5500 | - |
Related Weaknesses (CWE)
References
- https://jvn.jp/en/jp/JVN82424996/ (Third Party Advisory)
- https://www.epson.jp/support/misc_t/230308_oshirase.htm (Mitigation, Vendor Advisory)
FAQ
What is CVE-2023-27520?
CVE-2023-27520 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Cross-site request forgery (CSRF) vulnerability in SEIKO EPSON printers/network interface Web Config allows a remote unauthenticated attacker to hijack the authentication and perform unintended operat...
How severe is CVE-2023-27520?
CVE-2023-27520 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2023-27520?
Check the references section above for vendor advisories and patch information. Affected products include: Epson Lp-9200Ps2 Firmware, Epson Lp-9200Ps2, Epson Lp-9200Ps3 Firmware, Epson Lp-9200Ps3, Epson Lp-8200C Firmware.