Vulnerability Description
ESC/POS, a printer control language designed by Seiko Epson Corporation, lacks mechanisms for user authentication and command authorization, does not provide controls to restrict sources or destinations of network communication, and transmits commands without encryption or integrity protection.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Epson | Sb-H50 Firmware | - |
| Epson | Sb-H50 | - |
| Epson | Tm-H6000V Firmware | - |
| Epson | Tm-H6000V | - |
| Epson | Tm-L100 Firmware | - |
| Epson | Tm-L100 | - |
| Epson | Tm-M10 Firmware | - |
| Epson | Tm-M10 | - |
| Epson | Tm-M30 Firmware | - |
| Epson | Tm-M30 | - |
| Epson | Tm-M30Ii Firmware | - |
| Epson | Tm-M30Ii | - |
| Epson | Tm-M30Ii-H Firmware | - |
| Epson | Tm-M30Ii-H | - |
| Epson | Tm-M30Ii-S Firmware | - |
| Epson | Tm-M30Ii-S | - |
| Epson | Tm-M30Ii-Sl Firmware | - |
| Epson | Tm-M30Ii-Sl | - |
| Epson | Tm-M30Iii Firmware | - |
| Epson | Tm-M30Iii | - |
Related Weaknesses (CWE)
References
- https://download4.epson.biz/sec_pubs/bs/pdf/IP_Filtering_Guide_en_revA.pdfProduct
- https://jvn.jp/en/ta/JVNTA97995322/Third Party Advisory
- https://www.epson.jp/support/misc_t/260305_oshirase.htmVendor Advisory
FAQ
What is CVE-2026-23767?
CVE-2026-23767 is a vulnerability with a CVSS score of 9.8 (CRITICAL). ESC/POS, a printer control language designed by Seiko Epson Corporation, lacks mechanisms for user authentication and command authorization, does not provide controls to restrict sources or destinatio...
How severe is CVE-2026-23767?
CVE-2026-23767 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2026-23767?
Check the references section above for vendor advisories and patch information. Affected products include: Epson Sb-H50 Firmware, Epson Sb-H50, Epson Tm-H6000V Firmware, Epson Tm-H6000V, Epson Tm-L100 Firmware.