CVE-2018-14899 - OpenCVE

On the EPSON WF-2750 printer with firmware JP02I2, the Web interface AirPrint Setup page is vulnerable to HTML Injection that can redirect users to malicious sites.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Epson	Wf-2750 Firmware Wf-2750

Configuration 1 [-]

AND

cpe:2.3:o:epson:wf-2750_firmware:jp02l2:*:*:*:*:*:*:*

cpe:2.3:h:epson:wf-2750:-:*:*:*:*:*:*:*

References

Link	Resource
https://www.vdalabs.com/2018/08/26/epson-printer-vulnerabilities/	Exploit Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2018-08-30T17:00:00

Updated: 2018-08-30T16:57:01

Reserved: 2018-08-03T00:00:00

Link: CVE-2018-14899

JSON object: View

NVD Information

Status : Analyzed

Published: 2018-08-30T17:29:00.473

Modified: 2018-11-08T21:07:04.617

Link: CVE-2018-14899

JSON object: View

Redhat Information

No data.

CWE

CWE-79

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:epson:wf-2750_firmware:jp02l2:*:*:*:*:*:*:*", "matchCriteriaId": "1BFA104A-2D92-4A9D-9978-5AD6F8CF32CA", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:epson:wf-2750:-:*:*:*:*:*:*:*", "matchCriteriaId": "94AF4F43-F053-4F73-A0C7-4329219BFFEE", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "On the EPSON WF-2750 printer with firmware JP02I2, the Web interface AirPrint Setup page is vulnerable to HTML Injection that can redirect users to malicious sites."}, {"lang": "es", "value": "En la impresora EPSON WF-2750 con firmware JP02I2, la interfaz web de la p\u00e1gina AirPrint Setup es vulnerable a una inyecci\u00f3n HTML que puede redirigir usuarios a sitios maliciosos."}], "id": "CVE-2018-14899", "lastModified": "2018-11-08T21:07:04.617", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-08-30T17:29:00.473", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.vdalabs.com/2018/08/26/epson-printer-vulnerabilities/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}