Stored cross-site scripting in SEIKO EPSON printers/network interface Web Config
| Risk | Low |
| Patch available | NO |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2023-27520 |
| CWE-ID | CWE-79 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
Web Config Web applications / Other software LP-9200PS2 Hardware solutions / Office equipment, IP-phones, print servers LP-9200PS3 Hardware solutions / Office equipment, IP-phones, print servers LP-8200C Hardware solutions / Office equipment, IP-phones, print servers LP-9600 Hardware solutions / Office equipment, IP-phones, print servers LP-9600S Hardware solutions / Office equipment, IP-phones, print servers LP-9300 Hardware solutions / Office equipment, IP-phones, print servers LP-8500C Hardware solutions / Office equipment, IP-phones, print servers LP-3000C Hardware solutions / Office equipment, IP-phones, print servers LP-8700PS3 Hardware solutions / Office equipment, IP-phones, print servers LP-9800C Hardware solutions / Office equipment, IP-phones, print servers LP-S5500 Hardware solutions / Office equipment, IP-phones, print servers LP-9200B Hardware solutions / Office equipment, IP-phones, print servers LP-9200C Hardware solutions / Office equipment, IP-phones, print servers LP-S4500 Hardware solutions / Office equipment, IP-phones, print servers LP-S6500 Hardware solutions / Office equipment, IP-phones, print servers LP-S7000 Hardware solutions / Office equipment, IP-phones, print servers LP-S5000 Hardware solutions / Office equipment, IP-phones, print servers LP-S4000 Hardware solutions / Office equipment, IP-phones, print servers LP-S6000 Hardware solutions / Office equipment, IP-phones, print servers LP-S5000R Hardware solutions / Office equipment, IP-phones, print servers LP-S5000Z Hardware solutions / Office equipment, IP-phones, print servers LP-S5000ZR Hardware solutions / Office equipment, IP-phones, print servers LP-S5300 Hardware solutions / Office equipment, IP-phones, print servers LP-S5300R Hardware solutions / Office equipment, IP-phones, print servers LP-S300N Hardware solutions / Office equipment, IP-phones, print servers LP-S210 Hardware solutions / Office equipment, IP-phones, print servers LP-S310 Hardware solutions / Office equipment, IP-phones, print servers LP-S310N Hardware solutions / Office equipment, IP-phones, print servers LP-S3000 Hardware solutions / Office equipment, IP-phones, print servers LP-S3000R Hardware solutions / Office equipment, IP-phones, print servers LP-S3000Z Hardware solutions / Office equipment, IP-phones, print servers LP-S3000PS Hardware solutions / Office equipment, IP-phones, print servers LP-S7500 Hardware solutions / Office equipment, IP-phones, print servers LP-S7500AS Hardware solutions / Office equipment, IP-phones, print servers LP-S7500AH Hardware solutions / Office equipment, IP-phones, print servers LP-S7500AP Hardware solutions / Office equipment, IP-phones, print servers LP-S3500 Hardware solutions / Office equipment, IP-phones, print servers LP-S4200 Hardware solutions / Office equipment, IP-phones, print servers LP-S9000 Hardware solutions / Office equipment, IP-phones, print servers LP-S7100 Hardware solutions / Office equipment, IP-phones, print servers LP-S8100 Hardware solutions / Office equipment, IP-phones, print servers PRIFNW1 Hardware solutions / Office equipment, IP-phones, print servers PRIFNW1S Hardware solutions / Office equipment, IP-phones, print servers PRIFNW2 Hardware solutions / Office equipment, IP-phones, print servers PRIFNW2AC Hardware solutions / Office equipment, IP-phones, print servers PRIFNW2S Hardware solutions / Office equipment, IP-phones, print servers PRIFNW2SAC Hardware solutions / Office equipment, IP-phones, print servers PRIFNW3 Hardware solutions / Office equipment, IP-phones, print servers PRIFNW3S Hardware solutions / Office equipment, IP-phones, print servers PRIFNW6 Hardware solutions / Office equipment, IP-phones, print servers PRIFNW7 Hardware solutions / Office equipment, IP-phones, print servers PRIFNW7U Hardware solutions / Office equipment, IP-phones, print servers PRIFNW7S Hardware solutions / Office equipment, IP-phones, print servers PA-W11G Hardware solutions / Office equipment, IP-phones, print servers PA-11G2 Hardware solutions / Office equipment, IP-phones, print servers ESNSB1 Hardware solutions / Office equipment, IP-phones, print servers ESNSB2 Hardware solutions / Office equipment, IP-phones, print servers ESIFNW1 Hardware solutions / Office equipment, IP-phones, print servers |
| Vendor | Seiko Epson Corporation |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Stored cross-site scripting
EUVDB-ID: #VU73149
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-27520
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsWeb Config: All versions
LP-9200PS2: All versions
LP-9200PS3: All versions
LP-8200C: All versions
LP-9600: All versions
LP-9600S: All versions
LP-9300: All versions
LP-8500C: All versions
LP-3000C: All versions
LP-8700PS3: All versions
LP-9800C: All versions
LP-S5500: All versions
LP-9200B: All versions
LP-9200C: All versions
LP-S4500: All versions
LP-S6500: All versions
LP-S7000: All versions
LP-S5000: All versions
LP-S4000: All versions
LP-S6000: All versions
LP-S5000R: All versions
LP-S5000Z: All versions
LP-S5000ZR: All versions
LP-S5300: All versions
LP-S5300R: All versions
LP-S300N: All versions
LP-S210: All versions
LP-S310: All versions
LP-S310N: All versions
LP-S3000: All versions
LP-S3000R: All versions
LP-S3000Z: All versions
LP-S3000PS: All versions
LP-S7500: All versions
LP-S7500AS: All versions
LP-S7500AH: All versions
LP-S7500AP: All versions
LP-S3500: All versions
LP-S4200: All versions
LP-S9000: All versions
LP-S7100: All versions
LP-S8100: All versions
PRIFNW1: All versions
PRIFNW1S: All versions
PRIFNW2: All versions
PRIFNW2AC: All versions
PRIFNW2S: All versions
PRIFNW2SAC: All versions
PRIFNW3: All versions
PRIFNW3S: All versions
PRIFNW6: All versions
PRIFNW7: All versions
PRIFNW7U: All versions
PRIFNW7S: All versions
PA-W11G: All versions
PA-11G2: All versions
ESNSB1: All versions
ESNSB2: All versions
ESIFNW1: All versions
CPE2.3- cpe:2.3:a:seiko_epson_corporation:web_config:*:*:*:*:*:*:*:*
- cpe:2.3:h:seiko_epson_corporation:lp-9200ps2:*:*:*:*:*:*:*:*
- cpe:2.3:h:seiko_epson_corporation:lp-9200ps3:*:*:*:*:*:*:*:*
- cpe:2.3:h:seiko_epson_corporation:lp-8200c:*:*:*:*:*:*:*:*
- cpe:2.3:h:seiko_epson_corporation:lp-9600:*:*:*:*:*:*:*:*
- cpe:2.3:h:seiko_epson_corporation:lp-9600s:*:*:*:*:*:*:*:*
- cpe:2.3:h:seiko_epson_corporation:lp-9300:*:*:*:*:*:*:*:*
- cpe:2.3:h:seiko_epson_corporation:lp-8500c:*:*:*:*:*:*:*:*
- cpe:2.3:h:seiko_epson_corporation:lp-3000c:*:*:*:*:*:*:*:*
- cpe:2.3:h:seiko_epson_corporation:lp-8700ps3:*:*:*:*:*:*:*:*
- cpe:2.3:h:seiko_epson_corporation:lp-9800c:*:*:*:*:*:*:*:*
- cpe:2.3:h:seiko_epson_corporation:lp-s5500:*:*:*:*:*:*:*:*
- cpe:2.3:h:seiko_epson_corporation:lp-9200b:*:*:*:*:*:*:*:*
- cpe:2.3:h:seiko_epson_corporation:lp-9200c:*:*:*:*:*:*:*:*
- cpe:2.3:h:seiko_epson_corporation:lp-s4500:*:*:*:*:*:*:*:*
- cpe:2.3:h:seiko_epson_corporation:lp-s6500:*:*:*:*:*:*:*:*
- cpe:2.3:h:seiko_epson_corporation:lp-s7000:*:*:*:*:*:*:*:*
- cpe:2.3:h:seiko_epson_corporation:lp-s5000:*:*:*:*:*:*:*:*
- cpe:2.3:h:seiko_epson_corporation:lp-s4000:*:*:*:*:*:*:*:*
- cpe:2.3:h:seiko_epson_corporation:lp-s6000:*:*:*:*:*:*:*:*
- cpe:2.3:h:seiko_epson_corporation:lp-s5000r:*:*:*:*:*:*:*:*
- cpe:2.3:h:seiko_epson_corporation:lp-s5000z:*:*:*:*:*:*:*:*
- cpe:2.3:h:seiko_epson_corporation:lp-s5000zr:*:*:*:*:*:*:*:*
- cpe:2.3:h:seiko_epson_corporation:lp-s5300:*:*:*:*:*:*:*:*
- cpe:2.3:h:seiko_epson_corporation:lp-s5300r:*:*:*:*:*:*:*:*
- cpe:2.3:h:seiko_epson_corporation:lp-s300n:*:*:*:*:*:*:*:*
- cpe:2.3:h:seiko_epson_corporation:lp-s210:*:*:*:*:*:*:*:*
- cpe:2.3:h:seiko_epson_corporation:lp-s310:*:*:*:*:*:*:*:*
- cpe:2.3:h:seiko_epson_corporation:lp-s310n:*:*:*:*:*:*:*:*
- cpe:2.3:h:seiko_epson_corporation:lp-s3000:*:*:*:*:*:*:*:*
- cpe:2.3:h:seiko_epson_corporation:lp-s3000r:*:*:*:*:*:*:*:*
- cpe:2.3:h:seiko_epson_corporation:lp-s3000z:*:*:*:*:*:*:*:*
- cpe:2.3:h:seiko_epson_corporation:lp-s3000ps:*:*:*:*:*:*:*:*
- cpe:2.3:h:seiko_epson_corporation:lp-s7500:*:*:*:*:*:*:*:*
- cpe:2.3:h:seiko_epson_corporation:lp-s7500as:*:*:*:*:*:*:*:*
- cpe:2.3:h:seiko_epson_corporation:lp-s7500ah:*:*:*:*:*:*:*:*
- cpe:2.3:h:seiko_epson_corporation:lp-s7500ap:*:*:*:*:*:*:*:*
- cpe:2.3:h:seiko_epson_corporation:lp-s3500:*:*:*:*:*:*:*:*
- cpe:2.3:h:seiko_epson_corporation:lp-s4200:*:*:*:*:*:*:*:*
- cpe:2.3:h:seiko_epson_corporation:lp-s9000:*:*:*:*:*:*:*:*
- cpe:2.3:h:seiko_epson_corporation:lp-s7100:*:*:*:*:*:*:*:*
- cpe:2.3:h:seiko_epson_corporation:lp-s8100:*:*:*:*:*:*:*:*
- cpe:2.3:h:seiko_epson_corporation:prifnw1:*:*:*:*:*:*:*:*
- cpe:2.3:h:seiko_epson_corporation:prifnw1s:*:*:*:*:*:*:*:*
- cpe:2.3:h:seiko_epson_corporation:prifnw2:*:*:*:*:*:*:*:*
- cpe:2.3:h:seiko_epson_corporation:prifnw2ac:*:*:*:*:*:*:*:*
- cpe:2.3:h:seiko_epson_corporation:prifnw2s:*:*:*:*:*:*:*:*
- cpe:2.3:h:seiko_epson_corporation:prifnw2sac:*:*:*:*:*:*:*:*
- cpe:2.3:h:seiko_epson_corporation:prifnw3:*:*:*:*:*:*:*:*
- cpe:2.3:h:seiko_epson_corporation:prifnw3s:*:*:*:*:*:*:*:*
- cpe:2.3:h:seiko_epson_corporation:prifnw6:*:*:*:*:*:*:*:*
- cpe:2.3:h:seiko_epson_corporation:prifnw7:*:*:*:*:*:*:*:*
- cpe:2.3:h:seiko_epson_corporation:prifnw7u:*:*:*:*:*:*:*:*
- cpe:2.3:h:seiko_epson_corporation:prifnw7s:*:*:*:*:*:*:*:*
- cpe:2.3:h:seiko_epson_corporation:pa-w11g:*:*:*:*:*:*:*:*
- cpe:2.3:h:seiko_epson_corporation:pa-11g2:*:*:*:*:*:*:*:*
- cpe:2.3:h:seiko_epson_corporation:esnsb1:*:*:*:*:*:*:*:*
- cpe:2.3:h:seiko_epson_corporation:esnsb2:*:*:*:*:*:*:*:*
- cpe:2.3:h:seiko_epson_corporation:esifnw1:*:*:*:*:*:*:*:*
https://jvn.jp/en/jp/JVN82424996/index.html
https://www.epson.jp/support/misc_t/230308_oshirase.htm
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
