CVE-2023-4957 - OpenCVE

A vulnerability of authentication bypass has been found on a Zebra Technologies ZTC ZT410-203dpi ZPL printer. This vulnerability allows an attacker that is in the same network as the printer, to change the username and password for the Web Page by sending a specially crafted POST request to the setvarsResults.cgi file. For this vulnerability to be exploitable, the printers protected mode must be disabled.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Zebra	Zt410 Zt410 Firmware

Configuration 1 [-]

AND

cpe:2.3:h:zebra:zt410:-:*:*:*:*:*:*:*

cpe:2.3:o:zebra:zt410_firmware:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.incibe.es/en/incibe-cert/notices/aviso-sci/authentication-bypass-zebra-ztc

History

No history.

MITRE

Status: PUBLISHED

Assigner: INCIBE

Published: 2023-10-11T13:21:32.613Z

Updated: 2024-09-05T18:06:06.703Z

Reserved: 2023-09-14T07:08:37.883Z

Link: CVE-2023-4957

Vulnrichment

Updated: 2024-08-02T07:44:53.296Z

NVD

Status : Analyzed

Published: 2023-10-11T14:15:10.047

Modified: 2023-10-16T14:08:22.900

Link: CVE-2023-4957

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-4957", "assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516", "state": "PUBLISHED", "assignerShortName": "INCIBE", "dateReserved": "2023-09-14T07:08:37.883Z", "datePublished": "2023-10-11T13:21:32.613Z", "dateUpdated": "2024-09-05T18:06:06.703Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "ZTC ZT410", "vendor": "Zebra Technologies", "versions": [{"status": "affected", "version": "203dpi ZPL 18J150703184"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "David C\u00e1mara Galindo"}], "datePublic": "2023-10-11T10:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": " A vulnerability of authentication bypass has been found on a Zebra Technologies ZTC ZT410-203dpi ZPL printer. This vulnerability allows an attacker that is in the same network as the printer, to change the username and password for the Web Page by sending a specially crafted POST request to the setvarsResults.cgi file. For this vulnerability to be exploitable, the printers protected mode must be disabled."}], "value": " A vulnerability of authentication bypass has been found on a Zebra Technologies ZTC ZT410-203dpi ZPL printer. This vulnerability allows an attacker that is in the same network as the printer, to change the username and password for the Web Page by sending a specially crafted POST request to the setvarsResults.cgi file. For this vulnerability to be exploitable, the printers protected mode must be disabled."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-288", "description": "CWE-288: Authentication Bypass Using an Alternate Path or Channel", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516", "shortName": "INCIBE", "dateUpdated": "2023-10-11T13:21:32.613Z"}, "references": [{"url": "https://www.incibe.es/en/incibe-cert/notices/aviso-sci/authentication-bypass-zebra-ztc"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Zebra Printers running Link-OS v6.0 and later have a protected mode that protects the printer from this vulnerability. Activating this mode disables unauthorized changes and locks the current configuration until an administrator authorizes updates. By default, the secure mode is disabled as it is necessary to generate a password first. NOTE: the ZT410 industrial printer was discontinued on Oct 1st, 2020. The service and Support discontinuation dates are in September and December 2025 depending on region. Further information regarding security settings and best practices, including \u201cProtected Mode\u201d, can be found in the references."}], "value": "Zebra Printers running Link-OS v6.0 and later have a protected mode that protects the printer from this vulnerability. Activating this mode disables unauthorized changes and locks the current configuration until an administrator authorizes updates. By default, the secure mode is disabled as it is necessary to generate a password first. NOTE: the ZT410 industrial printer was discontinued on Oct 1st, 2020. The service and Support discontinuation dates are in September and December 2025 depending on region. Further information regarding security settings and best practices, including \u201cProtected Mode\u201d, can be found in the references."}], "source": {"discovery": "UNKNOWN"}, "title": "Authentication Bypass on Zebra ZTC", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T07:44:53.296Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.incibe.es/en/incibe-cert/notices/aviso-sci/authentication-bypass-zebra-ztc", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-05T18:02:24.582285Z", "id": "CVE-2023-4957", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-05T18:06:06.703Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.incibe.es/en/incibe-cert/notices/aviso-sci/authentication-bypass-zebra-ztc", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T07:44:53.296Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-4957", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-05T18:02:24.582285Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-05T18:06:02.061Z"}}], "cna": {"title": "Authentication Bypass on Zebra ZTC", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "David C\u00e1mara Galindo"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Zebra Technologies", "product": "ZTC ZT410", "versions": [{"status": "affected", "version": "203dpi ZPL 18J150703184"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Zebra Printers running Link-OS v6.0 and later have a protected mode that protects the printer from this vulnerability. Activating this mode disables unauthorized changes and locks the current configuration until an administrator authorizes updates. By default, the secure mode is disabled as it is necessary to generate a password first. NOTE: the ZT410 industrial printer was discontinued on Oct 1st, 2020. The service and Support discontinuation dates are in September and December 2025 depending on region. Further information regarding security settings and best practices, including \u201cProtected Mode\u201d, can be found in the references.", "supportingMedia": [{"type": "text/html", "value": "Zebra Printers running Link-OS v6.0 and later have a protected mode that protects the printer from this vulnerability. Activating this mode disables unauthorized changes and locks the current configuration until an administrator authorizes updates. By default, the secure mode is disabled as it is necessary to generate a password first. NOTE: the ZT410 industrial printer was discontinued on Oct 1st, 2020. The service and Support discontinuation dates are in September and December 2025 depending on region. Further information regarding security settings and best practices, including \u201cProtected Mode\u201d, can be found in the references.", "base64": false}]}], "datePublic": "2023-10-11T10:00:00.000Z", "references": [{"url": "https://www.incibe.es/en/incibe-cert/notices/aviso-sci/authentication-bypass-zebra-ztc"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": " A vulnerability of authentication bypass has been found on a Zebra Technologies ZTC ZT410-203dpi ZPL printer. This vulnerability allows an attacker that is in the same network as the printer, to change the username and password for the Web Page by sending a specially crafted POST request to the setvarsResults.cgi file. For this vulnerability to be exploitable, the printers protected mode must be disabled.", "supportingMedia": [{"type": "text/html", "value": " A vulnerability of authentication bypass has been found on a Zebra Technologies ZTC ZT410-203dpi ZPL printer. This vulnerability allows an attacker that is in the same network as the printer, to change the username and password for the Web Page by sending a specially crafted POST request to the setvarsResults.cgi file. For this vulnerability to be exploitable, the printers protected mode must be disabled.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-288", "description": "CWE-288: Authentication Bypass Using an Alternate Path or Channel"}]}], "providerMetadata": {"orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516", "shortName": "INCIBE", "dateUpdated": "2023-10-11T13:21:32.613Z"}}}, "cveMetadata": {"cveId": "CVE-2023-4957", "state": "PUBLISHED", "dateUpdated": "2024-09-05T18:06:06.703Z", "dateReserved": "2023-09-14T07:08:37.883Z", "assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516", "datePublished": "2023-10-11T13:21:32.613Z", "assignerShortName": "INCIBE"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:zebra:zt410:-:*:*:*:*:*:*:*", "matchCriteriaId": "FFB9B490-0581-4AFD-9305-56F28FEE4479", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:zebra:zt410_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "65BC1222-C5EB-4A4A-B1B1-3140D902D797", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": " A vulnerability of authentication bypass has been found on a Zebra Technologies ZTC ZT410-203dpi ZPL printer. This vulnerability allows an attacker that is in the same network as the printer, to change the username and password for the Web Page by sending a specially crafted POST request to the setvarsResults.cgi file. For this vulnerability to be exploitable, the printers protected mode must be disabled."}, {"lang": "es", "value": "Se ha encontrado una vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n en una impresora ZPL ZTC ZT410-203dpi de Zebra Technologies. Esta vulnerabilidad permite a un atacante que se encuentra en la misma red que la impresora, cambiar el nombre de usuario y la contrase\u00f1a de la p\u00e1gina web enviando una solicitud POST especialmente manipulada al archivo setvarsResults.cgi. Para que esta vulnerabilidad sea explotable, el modo protegido de la impresora debe estar desactivado."}], "id": "CVE-2023-4957", "lastModified": "2023-10-16T14:08:22.900", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "cve-coordination@incibe.es", "type": "Secondary"}]}, "published": "2023-10-11T14:15:10.047", "references": [{"source": "cve-coordination@incibe.es", "tags": ["Third Party Advisory"], "url": "https://www.incibe.es/en/incibe-cert/notices/aviso-sci/authentication-bypass-zebra-ztc"}], "sourceIdentifier": "cve-coordination@incibe.es", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-288"}], "source": "cve-coordination@incibe.es", "type": "Primary"}]}