Details of VAR-201812-0475

ID

VAR-201812-0475

CVE

CVE-2018-18960

TITLE

Epson WorkForce WF-2861 Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-013794

DESCRIPTION

An issue was discovered on Epson WorkForce WF-2861 10.48 LQ22I3, 10.51.LQ20I6 and 10.52.LQ17IA devices. They use SNMP to find certain devices on the network, but the default version is v2c, allowing an amplification attack. Epson WorkForce WF-2861 Contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Epson WorkForce WF-2861 is a Wi-Fi duplex all-in-one inkjet printer. An attacker could use this vulnerability to perform an amplification attack, which could lead to a denial of service. A security vulnerability exists in the Epson WorkForce WF-2861 using firmware versions 10.48 LQ22I3, 10.51.LQ20I6, and 10.52.LQ17IA

Trust: 2.25

sources: NVD: CVE-2018-18960 // JVNDB: JVNDB-2018-013794 // CNVD: CNVD-2019-43855 // VULHUB: VHN-129572

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2019-43855

AFFECTED PRODUCTS

vendor:	epson	model:	workforce wf-2861	scope:	eq	version:	10.51.lq20i6	Trust: 1.0
vendor:	epson	model:	workforce wf-2861	scope:	eq	version:	10.52.lq17ia	Trust: 1.0
vendor:	epson	model:	workforce wf-2861	scope:	eq	version:	10.48_lq22i3	Trust: 1.0
vendor:	seiko epson	model:	wf-2861	scope:	eq	version:	10.48 lq22i3	Trust: 0.8
vendor:	seiko epson	model:	wf-2861	scope:	eq	version:	10.51.lq20i6	Trust: 0.8
vendor:	seiko epson	model:	wf-2861	scope:	eq	version:	10.52.lq17ia	Trust: 0.8
vendor:	epson	model:	workforce wf-2861 10.52.lq17ia	scope:	-	version:	-	Trust: 0.6
vendor:	epson	model:	workforce wf-2861 10.51.lq20i6	scope:	-	version:	-	Trust: 0.6
vendor:	epson	model:	workforce wf-2861 lq22i3	scope:	eq	version:	10.48	Trust: 0.6

sources: CNVD: CNVD-2019-43855 // JVNDB: JVNDB-2018-013794 // NVD: CVE-2018-18960

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-18960
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2018-18960
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2019-43855
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201812-1105
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-129572
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2018-18960
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2019-43855
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-129572
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-18960
baseSeverity:	MEDIUM
baseScore:	5.9
vectorString:	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	2.2
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2019-43855 // VULHUB: VHN-129572 // JVNDB: JVNDB-2018-013794 // CNNVD: CNNVD-201812-1105 // NVD: CVE-2018-18960

PROBLEMTYPE DATA

problemtype:	CWE-400	Trust: 1.1
problemtype:	CWE-20	Trust: 0.9

sources: VULHUB: VHN-129572 // JVNDB: JVNDB-2018-013794 // NVD: CVE-2018-18960

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201812-1105

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201812-1105

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-013794

PATCH

title:

トップページ

url:

https://www.epson.jp/

Trust: 0.8

sources: JVNDB: JVNDB-2018-013794

EXTERNAL IDS

db:	NVD	id:	CVE-2018-18960	Trust: 3.1
db:	JVNDB	id:	JVNDB-2018-013794	Trust: 0.8
db:	CNNVD	id:	CNNVD-201812-1105	Trust: 0.7
db:	CNVD	id:	CNVD-2019-43855	Trust: 0.6
db:	VULHUB	id:	VHN-129572	Trust: 0.1

sources: CNVD: CNVD-2019-43855 // VULHUB: VHN-129572 // JVNDB: JVNDB-2018-013794 // CNNVD: CNNVD-201812-1105 // NVD: CVE-2018-18960

REFERENCES

url:	https://github.com/epistemophilia/cves/blob/master/epson-workforce-wf2861/cve-2018-18960/poc-cve-2018-18960.py	Trust: 2.5
url:	https://nvd.nist.gov/vuln/detail/cve-2018-18960	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-18960	Trust: 0.8

sources: CNVD: CNVD-2019-43855 // VULHUB: VHN-129572 // JVNDB: JVNDB-2018-013794 // CNNVD: CNNVD-201812-1105 // NVD: CVE-2018-18960

SOURCES

db:	CNVD	id:	CNVD-2019-43855
db:	VULHUB	id:	VHN-129572
db:	JVNDB	id:	JVNDB-2018-013794
db:	CNNVD	id:	CNNVD-201812-1105
db:	NVD	id:	CVE-2018-18960

LAST UPDATE DATE

2024-11-23T23:01:58.368000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2019-43855	date:	2019-12-04T00:00:00
db:	VULHUB	id:	VHN-129572	date:	2020-08-24T00:00:00
db:	JVNDB	id:	JVNDB-2018-013794	date:	2019-03-01T00:00:00
db:	CNNVD	id:	CNNVD-201812-1105	date:	2020-10-22T00:00:00
db:	NVD	id:	CVE-2018-18960	date:	2024-11-21T03:56:57.247

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2019-43855	date:	2019-12-04T00:00:00
db:	VULHUB	id:	VHN-129572	date:	2018-12-24T00:00:00
db:	JVNDB	id:	JVNDB-2018-013794	date:	2019-03-01T00:00:00
db:	CNNVD	id:	CNNVD-201812-1105	date:	2018-12-25T00:00:00
db:	NVD	id:	CVE-2018-18960	date:	2018-12-24T17:29:00.347