Details of VAR-201808-0403

ID

VAR-201808-0403

CVE

CVE-2018-14899

TITLE

EPSON WF-2750 Cross-site scripting vulnerability in printer firmware

Trust: 0.8

sources: JVNDB: JVNDB-2018-010064

DESCRIPTION

On the EPSON WF-2750 printer with firmware JP02I2, the Web interface AirPrint Setup page is vulnerable to HTML Injection that can redirect users to malicious sites. EPSON WF-2750 Printer firmware contains a cross-site scripting vulnerability.The information may be obtained and the information may be falsified. EPSONWF-2750 is a printer device from Epson Japan. The vulnerability stems from the printer web server failing to properly check the validity of the form before processing the HTML form. An attacker could use this vulnerability to redirect users to a malicious site

Trust: 2.34

sources: NVD: CVE-2018-14899 // JVNDB: JVNDB-2018-010064 // CNVD: CNVD-2018-17426 // VULHUB: VHN-125104 // VULMON: CVE-2018-14899

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2018-17426

AFFECTED PRODUCTS

vendor:	epson	model:	wf-2750	scope:	eq	version:	jp02l2	Trust: 1.6
vendor:	seiko epson	model:	wf-2750	scope:	eq	version:	jp02i2	Trust: 0.8
vendor:	epson	model:	wf-2750 jp02i2	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2018-17426 // JVNDB: JVNDB-2018-010064 // CNNVD: CNNVD-201808-978 // NVD: CVE-2018-14899

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-14899
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2018-14899
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2018-17426
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201808-978
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-125104
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2018-14899
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2018-14899
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2018-17426
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-125104
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-14899
baseSeverity:	MEDIUM
baseScore:	6.1
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	2.7
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2018-17426 // VULHUB: VHN-125104 // VULMON: CVE-2018-14899 // JVNDB: JVNDB-2018-010064 // CNNVD: CNNVD-201808-978 // NVD: CVE-2018-14899

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.9

sources: VULHUB: VHN-125104 // JVNDB: JVNDB-2018-010064 // NVD: CVE-2018-14899

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201808-978

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201808-978

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-010064

PATCH

title:

Epson WorkForce WF-2750 All-in-One Printer

url:

https://epson.com/For-Work/Printers/Inkjet/Epson-WorkForce-WF-2750-All-in-One-Printer/p/C11CF76201

Trust: 0.8

sources: JVNDB: JVNDB-2018-010064

EXTERNAL IDS

db:	NVD	id:	CVE-2018-14899	Trust: 3.2
db:	JVNDB	id:	JVNDB-2018-010064	Trust: 0.8
db:	CNNVD	id:	CNNVD-201808-978	Trust: 0.7
db:	CNVD	id:	CNVD-2018-17426	Trust: 0.6
db:	VULHUB	id:	VHN-125104	Trust: 0.1
db:	VULMON	id:	CVE-2018-14899	Trust: 0.1

sources: CNVD: CNVD-2018-17426 // VULHUB: VHN-125104 // VULMON: CVE-2018-14899 // JVNDB: JVNDB-2018-010064 // CNNVD: CNNVD-201808-978 // NVD: CVE-2018-14899

REFERENCES

url:	https://www.vdalabs.com/2018/08/26/epson-printer-vulnerabilities/	Trust: 2.6
url:	https://nvd.nist.gov/vuln/detail/cve-2018-14899	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-14899	Trust: 0.8
url:	https://cwe.mitre.org/data/definitions/79.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2018-17426 // VULHUB: VHN-125104 // VULMON: CVE-2018-14899 // JVNDB: JVNDB-2018-010064 // CNNVD: CNNVD-201808-978 // NVD: CVE-2018-14899

SOURCES

db:	CNVD	id:	CNVD-2018-17426
db:	VULHUB	id:	VHN-125104
db:	VULMON	id:	CVE-2018-14899
db:	JVNDB	id:	JVNDB-2018-010064
db:	CNNVD	id:	CNNVD-201808-978
db:	NVD	id:	CVE-2018-14899

LAST UPDATE DATE

2024-11-23T23:02:02.145000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2018-17426	date:	2018-09-04T00:00:00
db:	VULHUB	id:	VHN-125104	date:	2018-11-08T00:00:00
db:	VULMON	id:	CVE-2018-14899	date:	2018-11-08T00:00:00
db:	JVNDB	id:	JVNDB-2018-010064	date:	2018-12-05T00:00:00
db:	CNNVD	id:	CNNVD-201808-978	date:	2018-08-31T00:00:00
db:	NVD	id:	CVE-2018-14899	date:	2024-11-21T03:50:02.467

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2018-17426	date:	2018-09-03T00:00:00
db:	VULHUB	id:	VHN-125104	date:	2018-08-30T00:00:00
db:	VULMON	id:	CVE-2018-14899	date:	2018-08-30T00:00:00
db:	JVNDB	id:	JVNDB-2018-010064	date:	2018-12-05T00:00:00
db:	CNNVD	id:	CNNVD-201808-978	date:	2018-08-31T00:00:00
db:	NVD	id:	CVE-2018-14899	date:	2018-08-30T17:29:00.473