Vulnerabilities > CVE-2018-0688 - Open Redirect vulnerability in Epson products

CVSS 5.8 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

NONE

network

epson

CWE-601

NVD

Published: 2019-01-09

Updated: 2019-02-15

Summary

Open redirect vulnerability in SEIKO EPSON printers and scanners (DS-570W firmware versions released prior to 2018 March 13, DS-780N firmware versions released prior to 2018 March 13, EP-10VA firmware versions released prior to 2017 September 4, EP-30VA firmware versions released prior to 2017 June 19, EP-707A firmware versions released prior to 2017 August 1, EP-708A firmware versions released prior to 2017 August 7, EP-709A firmware versions released prior to 2017 June 12, EP-777A firmware versions released prior to 2017 August 1, EP-807AB/AW/AR firmware versions released prior to 2017 August 1, EP-808AB/AW/AR firmware versions released prior to 2017 August 7, EP-879AB/AW/AR firmware versions released prior to 2017 June 12, EP-907F firmware versions released prior to 2017 August 1, EP-977A3 firmware versions released prior to 2017 August 1, EP-978A3 firmware versions released prior to 2017 August 7, EP-979A3 firmware versions released prior to 2017 June 12, EP-M570T firmware versions released prior to 2017 September 6, EW-M5071FT firmware versions released prior to 2017 November 2, EW-M660FT firmware versions released prior to 2018 April 19, EW-M770T firmware versions released prior to 2017 September 6, PF-70 firmware versions released prior to 2018 April 20, PF-71 firmware versions released prior to 2017 July 18, PF-81 firmware versions released prior to 2017 September 14, PX-048A firmware versions released prior to 2017 July 4, PX-049A firmware versions released prior to 2017 September 11, PX-437A firmware versions released prior to 2017 July 24, PX-M350F firmware versions released prior to 2018 February 23, PX-M5040F firmware versions released prior to 2017 November 20, PX-M5041F firmware versions released prior to 2017 November 20, PX-M650A firmware versions released prior to 2017 October 17, PX-M650F firmware versions released prior to 2017 October 17, PX-M680F firmware versions released prior to 2017 June 29, PX-M7050F firmware versions released prior to 2017 October 13, PX-M7050FP firmware versions released prior to 2017 October 13, PX-M7050FX firmware versions released prior to 2017 November 7, PX-M7070FX firmware versions released prior to 2017 April 27, PX-M740F firmware versions released prior to 2017 December 4, PX-M741F firmware versions released prior to 2017 December 4, PX-M780F firmware versions released prior to 2017 June 29, PX-M781F firmware versions released prior to 2017 June 27, PX-M840F firmware versions released prior to 2017 November 16, PX-M840FX firmware versions released prior to 2017 December 8, PX-M860F firmware versions released prior to 2017 October 25, PX-S05B/W firmware versions released prior to 2018 March 9, PX-S350 firmware versions released prior to 2018 February 23, PX-S5040 firmware versions released prior to 2017 November 20, PX-S7050 firmware versions released prior to 2018 February 21, PX-S7050PS firmware versions released prior to 2018 February 21, PX-S7050X firmware versions released prior to 2017 November 7, PX-S7070X firmware versions released prior to 2017 April 27, PX-S740 firmware versions released prior to 2017 December 3, PX-S840 firmware versions released prior to 2017 November 16, PX-S840X firmware versions released prior to 2017 December 8, PX-S860 firmware versions released prior to 2017 December 7) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the web interface of the affected product.

Vulnerable Configurations

Part	Description	Count
OS	Epson Epson DS 570W Firmware * Epson DS 780N Firmware * Epson EP 10Va Firmware * Epson EP 30Va Firmware * Epson EP 707A Firmware * Epson EP 708A Firmware * Epson EP 709A Firmware * Epson EP 777A Firmware * Epson EP 807Ab Firmware * Epson EP 807Aw Firmware * Epson EP 807Ar Firmware * Epson EP 808Ab Firmware * Epson EP 808Aw Firmware * Epson EP 808Ar Firmware * Epson EP 879Ab Firmware * Epson EP 879Aw Firmware * Epson EP 879Ar Firmware * Epson EP 907F Firmware * Epson EP 977A3 Firmware * Epson EP 978A3 Firmware * Epson EP 979A3 Firmware * Epson EP M570T Firmware * Epson EW M5071Ft Firmware * Epson EW M660Ft Firmware * Epson EW M770T Firmware * Epson PF 70 Firmware * Epson PF 71 Firmware * Epson PF 81 Firmware * Epson PX 048A Firmware * Epson PX 049A Firmware * Epson PX 437A Firmware * Epson PX M350F Firmware * Epson PX M5040F Firmware * Epson PX M5041F Firmware * Epson PX M650A Firmware * Epson PX M650F Firmware * Epson PX M680F Firmware * Epson PX M7050F Firmware * Epson PX M7050Fp Firmware * Epson PX M7050Fx Firmware * Epson PX M7070Fx Firmware * Epson PX M740F Firmware * Epson PX M781F Firmware * Epson PX M840F Firmware * Epson PX M840Fx Firmware * Epson PX M860F Firmware * Epson PX S05B Firmware * Epson PX S05W Firmware * Epson PX S350 Firmware * Epson PX S5040 Firmware * Epson PX S7050 Firmware * Epson PX S7050Ps Firmware * Epson PX S7050X Firmware * Epson PX S7070X Firmware * Epson PX S740 Firmware * Epson PX S840 Firmware * Epson PX S840X Firmware * Epson PX S860 Firmware *	58
Hardware	Epson Epson DS 570W - Epson DS 780N - Epson EP 10Va - Epson EP 30Va - Epson EP 707A - Epson EP 708A - Epson EP 709A - Epson EP 777A - Epson EP 807Ab - Epson EP 807Aw - Epson EP 807Ar - Epson EP 808Ab - Epson EP 808Aw - Epson EP 808Ar - Epson EP 879Ab - Epson EP 879Aw - Epson EP 879Ar - Epson EP 907F - Epson EP 977A3 - Epson EP 978A3 - Epson EP 979A3 - Epson EP M570T - Epson EW M5071Ft - Epson EW M660Ft - Epson EW M770T - Epson PF 70 - Epson PF 71 - Epson PF 81 - Epson PX 048A - Epson PX 049A - Epson PX 437A - Epson PX M350F - Epson PX M5040F - Epson PX M5041F - Epson PX M650A - Epson PX M650F - Epson PX M680F - Epson PX M7050F - Epson PX M7050Fp - Epson PX M7050Fx - Epson PX M7070Fx - Epson PX M740F - Epson PX M781F - Epson PX M840F - Epson PX M840Fx - Epson PX M860F - Epson PX S05B - Epson PX S05W - Epson PX S350 - Epson PX S5040 - Epson PX S7050 - Epson PX S7050Ps - Epson PX S7050X - Epson PX S7070X - Epson PX S740 - Epson PX S840 - Epson PX S840X - Epson PX S860 -	58

Common Weakness Enumeration (CWE)

CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')

Common Attack Pattern Enumeration and Classification (CAPEC)

Fake the Source of Data
An adversary provides data under a falsified identity. The purpose of using the falsified identity may be to prevent traceability of the provided data or it might be an attempt by the adversary to assume the rights granted to another identity. One of the simplest forms of this attack would be the creation of an email message with a modified "From" field in order to appear that the message was sent from someone other than the actual sender. Results of the attack vary depending on the details of the attack, but common results include privilege escalation, obfuscation of other attacks, and data corruption/manipulation.

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

References