Filtered by vendor Epson Subscriptions
Filtered by product Xp-255 Subscriptions
Total 3 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2019-20458 1 Epson 1 Xp-255 2024-11-08 8.8 High
An issue was discovered on Epson Expression Home XP255 20.08.FM10I8 devices. By default, the device comes (and functions) without a password. The user is at no point prompted to set up a password on the device (leaving a number of devices without a password). In this case, anyone connecting to the web admin panel is capable of becoming admin without using any credentials.
CVE-2019-20459 1 Epson 1 Xp-255 2024-11-08 8.4 High
An issue was discovered on Epson Expression Home XP255 20.08.FM10I8 devices. With the SNMPv1 public community, all values can be read, and with the epson community, all the changeable values can be written/updated, as demonstrated by permanently disabling the network card or changing the DNS servers.
CVE-2019-20460 1 Epson 1 Xp-255 2024-11-08 8.8 High
An issue was discovered on Epson Expression Home XP255 20.08.FM10I8 devices. POST requests don't require (anti-)CSRF tokens or other mechanisms for validating that the request is from a legitimate source. In addition, CSRF attacks can be used to send text directly to the RAW printer interface. For example, an attack could deliver a worrisome printout to an end user.