CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-19248

The web service on Epson WorkForce WF-2861 10.48 LQ22I3(Recovery-mode), WF-2861 10.51.LQ20I6, and WF-2861 10.52.LQ17IA devices allows remote attackers to upload a firmware file and reset the printer without authentication by making a request to the /DOWN/FIRMWAREUPDATE/ROM1 URI and a POST request to the /FIRMWAREUPDATE URI.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.011

EPSS Ranking 76.9%

CVSS Severity

CVSS v3 Score 9.1

CVSS v2 Score 6.4

References

Products affected by CVE-2018-19248

Epson » Epson Workforce Wf-2861 » Version: N/A

cpe:2.3:h:epson:epson_workforce_wf-2861:-
Epson » Epson Workforce Wf-2861 Firmware » Version: 10.48_lq22i3

cpe:2.3:o:epson:epson_workforce_wf-2861_firmware:10.48_lq22i3
Epson » Epson Workforce Wf-2861 Firmware » Version: 10.51.lq20i6

cpe:2.3:o:epson:epson_workforce_wf-2861_firmware:10.51.lq20i6
Epson » Epson Workforce Wf-2861 Firmware » Version: 10.52.lq17ia

cpe:2.3:o:epson:epson_workforce_wf-2861_firmware:10.52.lq17ia

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-19248

Products

Pricing

Contact Us