Details of VAR-201808-0404

ID

VAR-201808-0404

CVE

CVE-2018-14900

TITLE

EPSON WF-2750 Vulnerabilities related to channel and path errors in printer firmware

Trust: 0.8

sources: JVNDB: JVNDB-2018-010084

DESCRIPTION

On EPSON WF-2750 printers with firmware JP02I2, there is no filtering of print jobs. Remote attackers can send print jobs directly to the printer via TCP port 9100. EPSON WF-2750 The printer firmware contains a vulnerability related to channel and path errors.Information may be tampered with. EPSON WF-2750 is a printer made by EPSON Corporation of Japan

Trust: 1.71

sources: NVD: CVE-2018-14900 // JVNDB: JVNDB-2018-010084 // VULHUB: VHN-125106

AFFECTED PRODUCTS

vendor:	epson	model:	wf-2750	scope:	eq	version:	jp02l2	Trust: 1.6
vendor:	seiko epson	model:	wf-2750	scope:	eq	version:	jp02i2	Trust: 0.8

sources: JVNDB: JVNDB-2018-010084 // CNNVD: CNNVD-201808-977 // NVD: CVE-2018-14900

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-14900
value:	HIGH
Trust: 1.0
NVD:	CVE-2018-14900
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201808-977
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-125106
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2018-14900
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-125106
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-14900
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-125106 // JVNDB: JVNDB-2018-010084 // CNNVD: CNNVD-201808-977 // NVD: CVE-2018-14900

PROBLEMTYPE DATA

problemtype:

CWE-417

Trust: 1.9

sources: VULHUB: VHN-125106 // JVNDB: JVNDB-2018-010084 // NVD: CVE-2018-14900

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201808-977

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201808-977

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-010084

PATCH

title:

Epson WorkForce WF-2750 All-in-One Printer

url:

https://epson.com/For-Work/Printers/Inkjet/Epson-WorkForce-WF-2750-All-in-One-Printer/p/C11CF76201

Trust: 0.8

sources: JVNDB: JVNDB-2018-010084

EXTERNAL IDS

db:	NVD	id:	CVE-2018-14900	Trust: 2.5
db:	JVNDB	id:	JVNDB-2018-010084	Trust: 0.8
db:	CNNVD	id:	CNNVD-201808-977	Trust: 0.7
db:	VULHUB	id:	VHN-125106	Trust: 0.1

sources: VULHUB: VHN-125106 // JVNDB: JVNDB-2018-010084 // CNNVD: CNNVD-201808-977 // NVD: CVE-2018-14900

REFERENCES

url:	https://www.vdalabs.com/2018/08/26/epson-printer-vulnerabilities/	Trust: 2.5
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-14900	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-14900	Trust: 0.8

sources: VULHUB: VHN-125106 // JVNDB: JVNDB-2018-010084 // CNNVD: CNNVD-201808-977 // NVD: CVE-2018-14900

SOURCES

db:	VULHUB	id:	VHN-125106
db:	JVNDB	id:	JVNDB-2018-010084
db:	CNNVD	id:	CNNVD-201808-977
db:	NVD	id:	CVE-2018-14900

LAST UPDATE DATE

2024-11-23T23:12:04.590000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-125106	date:	2018-11-08T00:00:00
db:	JVNDB	id:	JVNDB-2018-010084	date:	2018-12-05T00:00:00
db:	CNNVD	id:	CNNVD-201808-977	date:	2018-08-31T00:00:00
db:	NVD	id:	CVE-2018-14900	date:	2024-11-21T03:50:02.650

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-125106	date:	2018-08-30T00:00:00
db:	JVNDB	id:	JVNDB-2018-010084	date:	2018-12-05T00:00:00
db:	CNNVD	id:	CNNVD-201808-977	date:	2018-08-31T00:00:00
db:	NVD	id:	CVE-2018-14900	date:	2018-08-30T17:29:00.613