Epson Eps Tse Server 8 Firmware vulnerabilities
3 known vulnerabilities affecting epson/eps_tse_server_8_firmware.
Total CVEs
3
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH1MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2020-28929P2CRITICALCVSS 9.8v21.0.112020-12-16
CVE-2020-28929 [CRITICAL] CWE-306 CVE-2020-28929: Unrestricted access to the log downloader functionality in EPSON EPS TSE Server 8 (21.0.11) allows a
Unrestricted access to the log downloader functionality in EPSON EPS TSE Server 8 (21.0.11) allows an unauthenticated attacker to remotely retrieve administrative hashed credentials via the maintenance/troubleshoot.php?download=1 URI.
nvd
CVE-2020-28931P3HIGHCVSS 8.8v21.0.112020-12-16
CVE-2020-28931 [HIGH] CWE-352 CVE-2020-28931: Lack of an anti-CSRF token in the entire administrative interface in EPSON EPS TSE Server 8 (21.0.11
Lack of an anti-CSRF token in the entire administrative interface in EPSON EPS TSE Server 8 (21.0.11) allows an unauthenticated attacker to force an administrator to execute external POST requests by visiting a malicious website.
nvd
CVE-2020-28930P4MEDIUMCVSS 5.4v21.0.112020-12-16
CVE-2020-28930 [MEDIUM] CWE-79 CVE-2020-28930: A Cross-Site Scripting (XSS) issue in the 'update user' and 'delete user' functionalities in setting
A Cross-Site Scripting (XSS) issue in the 'update user' and 'delete user' functionalities in settings/users.php in EPSON EPS TSE Server 8 (21.0.11) allows an authenticated attacker to inject a JavaScript payload in the user management page that is executed by an administrator.
nvd