CVE-2018-0689 Information

Description

HTTP header injection vulnerability in SEIKO EPSON printers and scanners (DS-570W firmware versions released prior to 2018 March 13 DS-780N firmware versions released prior to 2018 March 13 EP-10VA firmware versions released prior to 2017 September 4 EP-30VA firmware versions released prior to 2017 June 19 EP-707A firmware versions released prior to 2017 August 1 EP-708A firmware versions released prior to 2017 August 7 EP-709A firmware versions released prior to 2017 June 12 EP-777A firmware versions released prior to 2017 August 1 EP-807AB/AW/AR firmware versions released prior to 2017 August 1 EP-808AB/AW/AR firmware versions released prior to 2017 August 7 EP-879AB/AW/AR firmware versions released prior to 2017 June 12 EP-907F firmware versions released prior to 2017 August 1 EP-977A3 firmware versions released prior to 2017 August 1 EP-978A3 firmware versions released prior to 2017 August 7 EP-979A3 firmware versions released prior to 2017 June 12 EP-M570T firmware versions released prior to 2017 September 6 EW-M5071FT firmware versions released prior to 2017 November 2 EW-M660FT firmware versions released prior to 2018 April 19 EW-M770T firmware versions released prior to 2017 September 6 PF-70 firmware versions released prior to 2018 April 20 PF-71 firmware versions released prior to 2017 July 18 PF-81 firmware versions released prior to 2017 September 14 PX-048A firmware versions released prior to 2017 July 4 PX-049A firmware versions released prior to 2017 September 11 PX-437A firmware versions released prior to 2017 July 24 PX-M350F firmware versions released prior to 2018 February 23 PX-M5040F firmware versions released prior to 2017 November 20 PX-M5041F firmware versions released prior to 2017 November 20 PX-M650A firmware versions released prior to 2017 October 17 PX-M650F firmware versions released prior to 2017 October 17 PX-M680F firmware versions released prior to 2017 June 29 PX-M7050F firmware versions released prior to 2017 October 13 PX-M7050FP firmware versions released prior to 2017 October 13 PX-M7050FX firmware versions released prior to 2017 November 7 PX-M7070FX firmware versions released prior to 2017 April 27 PX-M740F firmware versions released prior to 2017 December 4 PX-M741F firmware versions released prior to 2017 December 4 PX-M780F firmware versions released prior to 2017 June 29 PX-M781F firmware versions released prior to 2017 June 27 PX-M840F firmware versions released prior to 2017 November 16 PX-M840FX firmware versions released prior to 2017 December 8 PX-M860F firmware versions released prior to 2017 October 25 PX-S05B/W firmware versions released prior to 2018 March 9 PX-S350 firmware versions released prior to 2018 February 23 PX-S5040 firmware versions released prior to 2017 November 20 PX-S7050 firmware versions released prior to 2018 February 21 PX-S7050PS firmware versions released prior to 2018 February 21 PX-S7050X firmware versions released prior to 2017 November 7 PX-S7070X firmware versions released prior to 2017 April 27 PX-S740 firmware versions released prior to 2017 December 3 PX-S840 firmware versions released prior to 2017 November 16 PX-S840X firmware versions released prior to 2017 December 8 PX-S860 firmware versions released prior to 2017 December 7) may allow a remote attackers to lead a user to a phishing site or execute an arbitrary script on the user’s web browser.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Reference

https://jvn.jp/en/jp/JVN89767228/index.html https://www.epson.jp/support/misc/20181203_oshirase.htm

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

REQUIRED

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

8.8