// For flags

CVE-2020-6091

 

Severity Score

9.1
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

An exploitable authentication bypass vulnerability exists in the ESPON Web Control functionality of Epson EB-1470Ui MAIN: 98009273ESWWV107 MAIN2: 8X7325WWV303. A specially crafted series of HTTP requests can cause authentication bypass resulting in information disclosure. An attacker can send an HTTP request to trigger this vulnerability.

Se presenta una vulnerabilidad de omisión de autenticación explotable en la funcionalidad ESPON Web Control de Epson EB-1470Ui MAIN: 98009273ESWWV107 MAIN2: 8X7325WWV303. Una serie especialmente diseñada de peticiones HTTP puede causar una omisión de autenticación, resultando en una divulgación de información. Un atacante puede enviar una petición HTTP para activar esta vulnerabilidad.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
None
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2020-01-07 CVE Reserved
  • 2020-05-22 CVE Published
  • 2023-03-07 EPSS Updated
  • 2024-08-04 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-287: Improper Authentication
  • CWE-288: Authentication Bypass Using an Alternate Path or Channel
CAPEC
References (2)
URL Tag Source
https://epson.com/support/wa00907 X_refsource_confirm
https://talosintelligence.com/vulnerability_reports/TALOS-2020-1011 Third Party Advisory
URL Date SRC
URL Date SRC
URL Date SRC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Epson
Search vendor "Epson"
 Eb-1470ui Firmware
Search vendor "Epson" for product "Eb-1470ui Firmware"
--
Affected
in Epson
Search vendor "Epson"
 Eb-1470ui
Search vendor "Epson" for product "Eb-1470ui"
--
Safe