CRITICAL🇵🇱 Wersja polska

CVE-2026-23767

CVSS 9.8v3.1pub. 2026-03-05upd. 2026-03-09

ESC/POS, a printer control language designed by Seiko Epson Corporation, lacks mechanisms for user authentication and command authorization, does not provide controls to restrict sources or destinations of network communication, and transmits commands without encryption or integrity protection.

🤖 AI Analysis
How it works

The ESC/POS protocol does not require any authentication before accepting and executing control commands. The lack of authorization mechanisms means that any entity able to establish a network connection to the device can send any commands. Data transmission occurs without encryption and without data integrity verification, which additionally enables eavesdropping and command modification. The protocol also does not provide any controls limiting the sources or destinations of network communication.

Impact

An unauthenticated remote attacker can gain full control over the device — read, modify or block its operation, and potentially compromise the confidentiality, integrity and availability of processed data.

Mitigation & patch

Patches available from the manufacturer should be applied according to references. Additionally, the manufacturer provides an IP Filtering Guide that should be implemented to restrict network access to devices to trusted hosts only. Devices should not be directly accessible from public networks — network segmentation and firewall rules should be applied.

Who is affected

Epson devices: UB-R04, UB-E04 (firmware), UB-E04, SB-H50 (firmware), SB-H50 — specific versions indicated in manufacturer references

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Epson Sb H50

    HW
    Epson
    wszystkie wersje
  • Epson Sb H50 Firmware

    OS
    Epson
    wszystkie wersje
  • Epson Tm H6000v

    HW
    Epson
    wszystkie wersje
  • Epson Tm H6000v Firmware

    OS
    Epson
    wszystkie wersje
  • Epson Tm L100

    HW
    Epson
    wszystkie wersje
  • Epson Tm L100 Firmware

    OS
    Epson
    wszystkie wersje
  • Epson Tm M10

    HW
    Epson
    wszystkie wersje
  • Epson Tm M10 Firmware

    OS
    Epson
    wszystkie wersje
  • Epson Tm M30

    HW
    Epson
    wszystkie wersje
  • Epson Tm M30 Firmware

    OS
    Epson
    wszystkie wersje
  • Epson Tm M30ii

    HW
    Epson
    wszystkie wersje
  • Epson Tm M30ii Firmware

    OS
    Epson
    wszystkie wersje
  • Epson Tm M30ii H

    HW
    Epson
    wszystkie wersje
  • Epson Tm M30ii H Firmware

    OS
    Epson
    wszystkie wersje
  • Epson Tm M30iii

    HW
    Epson
    wszystkie wersje
  • Epson Tm M30iii Firmware

    OS
    Epson
    wszystkie wersje
  • Epson Tm M30iii H

    HW
    Epson
    wszystkie wersje
  • Epson Tm M30iii H Firmware

    OS
    Epson
    wszystkie wersje
  • Epson Tm M30ii S

    HW
    Epson
    wszystkie wersje
  • Epson Tm M30ii S Firmware

    OS
    Epson
    wszystkie wersje
  • Epson Tm M30ii Sl

    HW
    Epson
    wszystkie wersje
  • Epson Tm M30ii Sl Firmware

    OS
    Epson
    wszystkie wersje
  • Epson Tm M55

    HW
    Epson
    wszystkie wersje
  • Epson Tm M55 Firmware

    OS
    Epson
    wszystkie wersje
  • Epson Tm P20

    HW
    Epson
    wszystkie wersje
  • Epson Tm P20 Firmware

    OS
    Epson
    wszystkie wersje
  • Epson Tm P20ii

    HW
    Epson
    wszystkie wersje
  • Epson Tm P20ii Firmware

    OS
    Epson
    wszystkie wersje
  • Epson Tm P60ii

    HW
    Epson
    wszystkie wersje
  • Epson Tm P60ii Firmware

    OS
    Epson
    wszystkie wersje
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2022-36133CRITICAL9.1ten sam vendor

The WebConfig functionality of Epson TM-C3500 and TM-C7500 devices with firmware version WAM31500 allows authe...

CVE-2020-28929CRITICAL9.8ten sam vendor

Unrestricted access to the log downloader functionality in EPSON EPS TSE Server 8 (21.0.11) allows an unauthen...

CVE-2020-6091CRITICAL9.1ten sam vendor

An exploitable authentication bypass vulnerability exists in the ESPON Web Control functionality of Epson EB-1...

CVE-2018-19248CRITICAL9.1ten sam vendor

The web service on Epson WorkForce WF-2861 10.48 LQ22I3(Recovery-mode), WF-2861 10.51.LQ20I6, and WF-2861 10.5...

CVE-2017-12860CRITICAL9.8ten sam vendor

The Epson "EasyMP" software is designed to remotely stream a users computer to supporting projectors.These dev...