CVE-2022-36133

The WebConfig functionality of Epson TM-C3500 and TM-C7500 devices with firmware version WAM31500 allows authentication bypass.

CVSS v3 9.1 CRITICAL

9.1^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://download.epson-biz.com/epson/epson_public_document.php?name=Infomation_history.pdf	Vendor Advisory
https://download.epson-biz.com/modules/colorworks/	Product Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:epson:tm-c3500_firmware:wam31500:*:*:*:*:*:*:*

cpe:2.3:h:epson:tm-c3500:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:epson:tm-c3510_firmware:wam31500:*:*:*:*:*:*:*

cpe:2.3:h:epson:tm-c3510:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:epson:tm-c3520_firmware:wam31500:*:*:*:*:*:*:*

cpe:2.3:h:epson:tm-c3520:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:epson:tm-c7500_firmware:wam31500:*:*:*:*:*:*:*

cpe:2.3:h:epson:tm-c7500:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:epson:tm-c7500g_firmware:wam31500:*:*:*:*:*:*:*

cpe:2.3:h:epson:tm-c7500g:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:epson:tm-c7510_firmware:wam31500:*:*:*:*:*:*:*

cpe:2.3:h:epson:tm-c7510:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:epson:tm-c7510g_firmware:wam31500:*:*:*:*:*:*:*

cpe:2.3:h:epson:tm-c7510g:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:epson:tm-c7520_firmware:wam31500:*:*:*:*:*:*:*

cpe:2.3:h:epson:tm-c7520:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:epson:tm-c7520g_firmware:wam31500:*:*:*:*:*:*:*

cpe:2.3:h:epson:tm-c7520g:-:*:*:*:*:*:*:*

History

08 Aug 2023, 14:22

Type	Values Removed	Values Added
CWE	~~CWE-287~~	NVD-CWE-noinfo

Information

Published : 2022-11-25 06:15

Updated : 2024-02-28 19:51

NVD link : CVE-2022-36133

Mitre link : CVE-2022-36133

CVE.ORG link : CVE-2022-36133

JSON object : View

Products Affected

epson

tm-c7510g_firmware
tm-c7520g
tm-c3510_firmware
tm-c3520_firmware
tm-c3500_firmware
tm-c7500g
tm-c7510
tm-c7520
tm-c7500_firmware
tm-c7500g_firmware
tm-c7520g_firmware
tm-c7500
tm-c3510
tm-c7510g
tm-c3500
tm-c7520_firmware
tm-c7510_firmware
tm-c3520

CWE

NVD-CWE-noinfo

{"id": "CVE-2022-36133", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 5.2, "exploitabilityScore": 3.9}]}, "published": "2022-11-25T06:15:10.623", "references": [{"url": "https://download.epson-biz.com/epson/epson_public_document.php?name=Infomation_history.pdf", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://download.epson-biz.com/modules/colorworks/", "tags": ["Product", "Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "The WebConfig functionality of Epson TM-C3500 and TM-C7500 devices with firmware version WAM31500 allows authentication bypass."}, {"lang": "es", "value": "La funcionalidad WebConfig de los dispositivos Epson TM-C3500 y TM-C7500 con versi\u00f3n de firmware WAM31500 permite omitir la autenticaci\u00f3n."}], "lastModified": "2023-08-08T14:22:24.967", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:epson:tm-c3500_firmware:wam31500:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8CE3A45B-6530-4C33-A9D2-AC9D72416AC6"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:epson:tm-c3500:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "205C45EA-2C9F-42BC-93E3-D69A1019A3FD"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:epson:tm-c3510_firmware:wam31500:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5A09DF37-BC5A-4101-A49B-0A0D9B2EC8CB"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:epson:tm-c3510:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "8BA3CD21-9E0C-47DC-9511-8E0295D142AB"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:epson:tm-c3520_firmware:wam31500:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9ED8664C-B9B6-4FC2-A19C-50788CCAF34F"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:epson:tm-c3520:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "642D29F0-A172-49DB-8298-5B38E17D91A9"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:epson:tm-c7500_firmware:wam31500:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "145C939B-77A1-4A77-B97B-8448B6DFEE1D"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:epson:tm-c7500:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F4A17183-3957-4C3E-A39B-5D6CDC8CA94F"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:epson:tm-c7500g_firmware:wam31500:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "162B19E0-009F-4B60-8E50-1EE8578F8C64"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:epson:tm-c7500g:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "0A38A5E0-D082-416E-891A-C85D9FC50017"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:epson:tm-c7510_firmware:wam31500:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "399C36C6-BBB7-45C1-B48F-825281D4B635"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:epson:tm-c7510:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "16FDA675-8B4E-4060-B1DE-19F8D279F84E"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:epson:tm-c7510g_firmware:wam31500:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4A92438C-05B7-41F2-A40F-8677CA8103AB"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:epson:tm-c7510g:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "6ABF799C-F7AA-4514-94A2-3175A4130D4B"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:epson:tm-c7520_firmware:wam31500:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D521154F-BCFC-4F86-AF63-912CE215C98D"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:epson:tm-c7520:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B6B0E31E-2B2E-4E19-AEE3-5A4AE41D0896"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:epson:tm-c7520g_firmware:wam31500:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "58DB19D4-3C44-41E0-A114-A804662E3C55"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:epson:tm-c7520g:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5C7EF6CA-D938-48A1-9DA6-AF2C61BAD0C0"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}