Vulnerability-Lookup

CNVD-2019-43855

Vulnerability from cnvd - Published: 2019-12-04

Title

Epson WorkForce WF-2861拒绝服务漏洞（CNVD-2019-43855）

Description

Epson WorkForce WF-2861是一款Wi-Fi双面多功能一体喷墨打印机。 Epson WorkForce WF-2861 10.48 LQ22I3、10.51.LQ20I6、10.52.LQ17IA存在放大攻击漏洞。该漏洞源于该设备使用SNMP查找网络上的某些设。攻击者可利用该漏洞进行放大攻击，从而可导致拒绝服务。

Severity

中

Formal description

厂商尚未提供漏洞修复方案，请关注厂商主页更新： https://www.epson.com.hk/%E5%95%86%E7%94%A8/%E6%89%93%E5%8D%B0%E6%A9%9F/%E5%99%B4%E5%A2%A8%E6%89%93%E5%8D%B0%E6%A9%9F/Epson-WorkForce-WF-2861/p/C11CG28503

Reference

https://nvd.nist.gov/vuln/detail/CVE-2018-18960

Impacted products

Name
['Epson WorkForce WF-2861 10.52.LQ17IA', 'Epson WorkForce WF-2861 10.51.LQ20I6', 'Epson WorkForce WF-2861 10.48 LQ22I3']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-18960"
    }
  },
  "description": "Epson WorkForce WF-2861\u662f\u4e00\u6b3eWi-Fi\u53cc\u9762\u591a\u529f\u80fd\u4e00\u4f53\u55b7\u58a8\u6253\u5370\u673a\u3002\n\nEpson WorkForce WF-2861 10.48 LQ22I3\u300110.51.LQ20I6\u300110.52.LQ17IA\u5b58\u5728\u653e\u5927\u653b\u51fb\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u8be5\u8bbe\u5907\u4f7f\u7528SNMP\u67e5\u627e\u7f51\u7edc\u4e0a\u7684\u67d0\u4e9b\u8bbe\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u8fdb\u884c\u653e\u5927\u653b\u51fb\uff0c\u4ece\u800c\u53ef\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u3002",
  "formalWay": "\u5382\u5546\u5c1a\u672a\u63d0\u4f9b\u6f0f\u6d1e\u4fee\u590d\u65b9\u6848\uff0c\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u66f4\u65b0\uff1a\r\nhttps://www.epson.com.hk/%E5%95%86%E7%94%A8/%E6%89%93%E5%8D%B0%E6%A9%9F/%E5%99%B4%E5%A2%A8%E6%89%93%E5%8D%B0%E6%A9%9F/Epson-WorkForce-WF-2861/p/C11CG28503",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-43855",
  "openTime": "2019-12-04",
  "products": {
    "product": [
      "Epson WorkForce WF-2861 10.52.LQ17IA",
      "Epson WorkForce WF-2861 10.51.LQ20I6",
      "Epson WorkForce WF-2861 10.48 LQ22I3"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2018-18960",
  "serverity": "\u4e2d",
  "submitTime": "2018-12-25",
  "title": "Epson WorkForce WF-2861\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff08CNVD-2019-43855\uff09"
}

CVE-2018-18960 (GCVE-0-2018-18960)

Vulnerability from cvelistv5 – Published: 2018-12-24 17:00 – Updated: 2024-08-05 11:23

Summary

An issue was discovered on Epson WorkForce WF-2861 10.48 LQ22I3, 10.51.LQ20I6 and 10.52.LQ17IA devices. They use SNMP to find certain devices on the network, but the default version is v2c, allowing an amplification attack.

Severity

No CVSS data available.

CWE

Assigner

mitre

References

1 reference

URL	Tags
https://github.com/epistemophilia/CVEs/blob/maste…	x_refsource_MISC

Date Public

2018-11-29 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T11:23:08.484Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/epistemophilia/CVEs/blob/master/Epson-WorkForce-WF2861/CVE-2018-18960/poc-cve-2018-18960.py"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-11-29T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered on Epson WorkForce WF-2861 10.48 LQ22I3, 10.51.LQ20I6 and 10.52.LQ17IA devices. They use SNMP to find certain devices on the network, but the default version is v2c, allowing an amplification attack."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-12-24T16:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/epistemophilia/CVEs/blob/master/Epson-WorkForce-WF2861/CVE-2018-18960/poc-cve-2018-18960.py"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-18960",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered on Epson WorkForce WF-2861 10.48 LQ22I3, 10.51.LQ20I6 and 10.52.LQ17IA devices. They use SNMP to find certain devices on the network, but the default version is v2c, allowing an amplification attack."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/epistemophilia/CVEs/blob/master/Epson-WorkForce-WF2861/CVE-2018-18960/poc-cve-2018-18960.py",
              "refsource": "MISC",
              "url": "https://github.com/epistemophilia/CVEs/blob/master/Epson-WorkForce-WF2861/CVE-2018-18960/poc-cve-2018-18960.py"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-18960",
    "datePublished": "2018-12-24T17:00:00.000Z",
    "dateReserved": "2018-11-05T00:00:00.000Z",
    "dateUpdated": "2024-08-05T11:23:08.484Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2019-43855

CVE-2018-18960 (GCVE-0-2018-18960)

Tags

Sightings

Nomenclature