CVE-2019-20460 Information

Description

An issue was discovered on Epson Expression Home XP255 20.08.FM10I8 devices. POST requests don’t require (anti-)CSRF tokens or other mechanisms for validating that the request is from a legitimate source. In addition CSRF attacks can be used to send text directly to the RAW printer interface. For example an attack could deliver a worrisome printout to an end user.

Reference

https://epson.com/Support/wa00826 https://seclists.org/fulldisclosure/2024/Jul/14