Filtered by vendor Epson
Subscriptions
Filtered by product Xp-255
Subscriptions
Total
3 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2019-20458 | 1 Epson | 1 Xp-255 | 2024-11-08 | 8.8 High |
An issue was discovered on Epson Expression Home XP255 20.08.FM10I8 devices. By default, the device comes (and functions) without a password. The user is at no point prompted to set up a password on the device (leaving a number of devices without a password). In this case, anyone connecting to the web admin panel is capable of becoming admin without using any credentials. | ||||
CVE-2019-20459 | 1 Epson | 1 Xp-255 | 2024-11-08 | 8.4 High |
An issue was discovered on Epson Expression Home XP255 20.08.FM10I8 devices. With the SNMPv1 public community, all values can be read, and with the epson community, all the changeable values can be written/updated, as demonstrated by permanently disabling the network card or changing the DNS servers. | ||||
CVE-2019-20460 | 1 Epson | 1 Xp-255 | 2024-11-08 | 8.8 High |
An issue was discovered on Epson Expression Home XP255 20.08.FM10I8 devices. POST requests don't require (anti-)CSRF tokens or other mechanisms for validating that the request is from a legitimate source. In addition, CSRF attacks can be used to send text directly to the RAW printer interface. For example, an attack could deliver a worrisome printout to an end user. |
Page 1 of 1.