CVE-2023-27520
Severity CVSS v4.0:
Pending analysis
Type:
CWE-352
Cross-Site Request Forgery (CSRF)
Publication date:
11/04/2023
Last modified:
10/02/2025
Description
Cross-site request forgery (CSRF) vulnerability in SEIKO EPSON printers/network interface Web Config allows a remote unauthenticated attacker to hijack the authentication and perform unintended operations by having a logged-in user view a malicious page. [Note] Web Config is the software that allows users to check the status and change the settings of SEIKO EPSON printers/network interface via a web browser. According to SEIKO EPSON CORPORATION, it is also called as Remote Manager in some products. Web Config is pre-installed in some printers/network interface provided by SEIKO EPSON CORPORATION. For the details of the affected product names/model numbers, refer to the information provided by the vendor.
Impact
Base Score 3.x
6.50
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:epson:lp-9200ps2_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:epson:lp-9200ps2:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:epson:lp-9200ps3_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:epson:lp-9200ps3:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:epson:lp-8200c_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:epson:lp-8200c:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:epson:lp-9600_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:epson:lp-9600:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:epson:lp-9600s_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:epson:lp-9600s:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:epson:lp-9300_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:epson:lp-9300:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:epson:lp-8500c_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:epson:lp-8500c:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:epson:lp-8700ps3_firmware:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page