CVE-2018-0689

CVSS V2 Medium 6.8 CVSS V3 High 8.8
Description
HTTP header injection vulnerability in SEIKO EPSON printers and scanners (DS-570W firmware versions released prior to 2018 March 13, DS-780N firmware versions released prior to 2018 March 13, EP-10VA firmware versions released prior to 2017 September 4, EP-30VA firmware versions released prior to 2017 June 19, EP-707A firmware versions released prior to 2017 August 1, EP-708A firmware versions released prior to 2017 August 7, EP-709A firmware versions released prior to 2017 June 12, EP-777A firmware versions released prior to 2017 August 1, EP-807AB/AW/AR firmware versions released prior to 2017 August 1, EP-808AB/AW/AR firmware versions released prior to 2017 August 7, EP-879AB/AW/AR firmware versions released prior to 2017 June 12, EP-907F firmware versions released prior to 2017 August 1, EP-977A3 firmware versions released prior to 2017 August 1, EP-978A3 firmware versions released prior to 2017 August 7, EP-979A3 firmware versions released prior to 2017 June 12, EP-M570T firmware versions released prior to 2017 September 6, EW-M5071FT firmware versions released prior to 2017 November 2, EW-M660FT firmware versions released prior to 2018 April 19, EW-M770T firmware versions released prior to 2017 September 6, PF-70 firmware versions released prior to 2018 April 20, PF-71 firmware versions released prior to 2017 July 18, PF-81 firmware versions released prior to 2017 September 14, PX-048A firmware versions released prior to 2017 July 4, PX-049A firmware versions released prior to 2017 September 11, PX-437A firmware versions released prior to 2017 July 24, PX-M350F firmware versions released prior to 2018 February 23, PX-M5040F firmware versions released prior to 2017 November 20, PX-M5041F firmware versions released prior to 2017 November 20, PX-M650A firmware versions released prior to 2017 October 17, PX-M650F firmware versions released prior to 2017 October 17, PX-M680F firmware versions released prior to 2017 June 29, PX-M7050F firmware versions released prior to 2017 October 13, PX-M7050FP firmware versions released prior to 2017 October 13, PX-M7050FX firmware versions released prior to 2017 November 7, PX-M7070FX firmware versions released prior to 2017 April 27, PX-M740F firmware versions released prior to 2017 December 4, PX-M741F firmware versions released prior to 2017 December 4, PX-M780F firmware versions released prior to 2017 June 29, PX-M781F firmware versions released prior to 2017 June 27, PX-M840F firmware versions released prior to 2017 November 16, PX-M840FX firmware versions released prior to 2017 December 8, PX-M860F firmware versions released prior to 2017 October 25, PX-S05B/W firmware versions released prior to 2018 March 9, PX-S350 firmware versions released prior to 2018 February 23, PX-S5040 firmware versions released prior to 2017 November 20, PX-S7050 firmware versions released prior to 2018 February 21, PX-S7050PS firmware versions released prior to 2018 February 21, PX-S7050X firmware versions released prior to 2017 November 7, PX-S7070X firmware versions released prior to 2017 April 27, PX-S740 firmware versions released prior to 2017 December 3, PX-S840 firmware versions released prior to 2017 November 16, PX-S840X firmware versions released prior to 2017 December 8, PX-S860 firmware versions released prior to 2017 December 7) may allow a remote attackers to lead a user to a phishing site or execute an arbitrary script on the user's web browser.
Overview
  • CVE ID
  • CVE-2018-0689
  • Assigner
  • vultures@jpcert.or.jp
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2019-01-09T23:29:01
  • Last Modified Date
  • 2019-02-15T16:47:50
Weakness Enumerations
CWE URL
CWE-113 http://cwe.mitre.org/data/definitions/113.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
AND
cpe:2.3:o:epson:ds-570w_firmware:*:*:*:*:*:*:*:* 1 OR 2018-03-13
cpe:2.3:h:epson:ds-570w:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:epson:ds-780n_firmware:*:*:*:*:*:*:*:* 1 OR 2018-03-13
cpe:2.3:h:epson:ds-780n:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:epson:ep-10va_firmware:*:*:*:*:*:*:*:* 1 OR 2017-09-04
cpe:2.3:h:epson:ep-10va:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:epson:ep-30va_firmware:*:*:*:*:*:*:*:* 1 OR 2017-06-19
cpe:2.3:h:epson:ep-30va:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:epson:ep-707a_firmware:*:*:*:*:*:*:*:* 1 OR 2017-08-01
cpe:2.3:h:epson:ep-707a:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:epson:ep-708a_firmware:*:*:*:*:*:*:*:* 1 OR 2017-08-07
cpe:2.3:h:epson:ep-708a:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:epson:ep-709a_firmware:*:*:*:*:*:*:*:* 1 OR 2017-06-12
cpe:2.3:h:epson:ep-709a:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:epson:ep-777a_firmware:*:*:*:*:*:*:*:* 1 OR 2017-08-01
cpe:2.3:h:epson:ep-777a:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:epson:ep-807ab_firmware:*:*:*:*:*:*:*:* 1 OR 2017-08-01
cpe:2.3:h:epson:ep-807ab:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:epson:ep-807aw_firmware:*:*:*:*:*:*:*:* 1 OR 2017-08-01
cpe:2.3:h:epson:ep-807aw:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:epson:ep-807ar_firmware:*:*:*:*:*:*:*:* 1 OR 2017-08-01
cpe:2.3:h:epson:ep-807ar:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:epson:ep-808ab_firmware:*:*:*:*:*:*:*:* 1 OR 2017-08-07
cpe:2.3:h:epson:ep-808ab:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:epson:ep-808aw_firmware:*:*:*:*:*:*:*:* 1 OR 2017-08-07
cpe:2.3:h:epson:ep-808aw:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:epson:ep-808ar_firmware:*:*:*:*:*:*:*:* 1 OR 2017-08-07
cpe:2.3:h:epson:ep-808ar:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:epson:ep-879ab_firmware:*:*:*:*:*:*:*:* 1 OR 2017-06-12
cpe:2.3:h:epson:ep-879ab:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:epson:ep-879aw_firmware:*:*:*:*:*:*:*:* 1 OR 2017-06-12
cpe:2.3:h:epson:ep-879aw:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:epson:ep-879ar_firmware:*:*:*:*:*:*:*:* 1 OR 2017-06-12
cpe:2.3:h:epson:ep-879ar:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:epson:ep-907f_firmware:*:*:*:*:*:*:*:* 1 OR 2017-08-01
cpe:2.3:h:epson:ep-907f:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:epson:ep-977a3_firmware:*:*:*:*:*:*:*:* 1 OR 2017-08-01
cpe:2.3:h:epson:ep-977a3:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:epson:ep-978a3_firmware:*:*:*:*:*:*:*:* 1 OR 2017-08-07
cpe:2.3:h:epson:ep-978a3:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:epson:ep-979a3_firmware:*:*:*:*:*:*:*:* 1 OR 2017-06-12
cpe:2.3:h:epson:ep-979a3:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:epson:ep-m570t_firmware:*:*:*:*:*:*:*:* 1 OR 2017-09-06
cpe:2.3:h:epson:ep-m570t:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:epson:ew-m5071ft_firmware:*:*:*:*:*:*:*:* 1 OR 2017-11-02
cpe:2.3:h:epson:ew-m5071ft:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:epson:ew-m660ft_firmware:*:*:*:*:*:*:*:* 1 OR 2018-04-19
cpe:2.3:h:epson:ew-m660ft:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:epson:ew-m770t_firmware:*:*:*:*:*:*:*:* 1 OR 2017-09-06
cpe:2.3:h:epson:ew-m770t:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:epson:pf-70_firmware:*:*:*:*:*:*:*:* 1 OR 2018-04-20
cpe:2.3:h:epson:pf-70:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:epson:pf-71_firmware:*:*:*:*:*:*:*:* 1 OR 2017-07-18
cpe:2.3:h:epson:pf-71:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:epson:pf-81_firmware:*:*:*:*:*:*:*:* 1 OR 2017-09-14
cpe:2.3:h:epson:pf-81:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:epson:px-048a_firmware:*:*:*:*:*:*:*:* 1 OR 2017-07-04
cpe:2.3:h:epson:px-048a:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:epson:px-049a_firmware:*:*:*:*:*:*:*:* 1 OR 2017-09-11
cpe:2.3:h:epson:px-049a:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:epson:px-437a_firmware:*:*:*:*:*:*:*:* 1 OR 2017-07-24
cpe:2.3:h:epson:px-437a:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:epson:px-m350f_firmware:*:*:*:*:*:*:*:* 1 OR 2018-02-23
cpe:2.3:h:epson:px-m350f:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:epson:px-m5040f_firmware:*:*:*:*:*:*:*:* 1 OR 2017-11-20
cpe:2.3:h:epson:px-m5040f:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:epson:px-m5041f_firmware:*:*:*:*:*:*:*:* 1 OR 2017-11-20
cpe:2.3:h:epson:px-m5041f:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:epson:px-m650a_firmware:*:*:*:*:*:*:*:* 1 OR 2017-10-17
cpe:2.3:h:epson:px-m650a:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:epson:px-m650f_firmware:*:*:*:*:*:*:*:* 1 OR 2017-10-17
cpe:2.3:h:epson:px-m650f:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:epson:px-m680f_firmware:*:*:*:*:*:*:*:* 1 OR 2017-06-29
cpe:2.3:h:epson:px-m680f:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:epson:px-m7050f_firmware:*:*:*:*:*:*:*:* 1 OR 2017-10-13
cpe:2.3:h:epson:px-m7050f:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:epson:px-m7050fp_firmware:*:*:*:*:*:*:*:* 1 OR 2017-10-13
cpe:2.3:h:epson:px-m7050fp:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:epson:px-m7050fx_firmware:*:*:*:*:*:*:*:* 1 OR 2017-11-07
cpe:2.3:h:epson:px-m7050fx:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:epson:px-m7070fx_firmware:*:*:*:*:*:*:*:* 1 OR 2017-04-27
cpe:2.3:h:epson:px-m7070fx:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:epson:px-m740f_firmware:*:*:*:*:*:*:*:* 1 OR 2017-06-29
cpe:2.3:h:epson:px-m740f:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:epson:px-m781f_firmware:*:*:*:*:*:*:*:* 1 OR 2017-06-27
cpe:2.3:h:epson:px-m781f:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:epson:px-m840f_firmware:*:*:*:*:*:*:*:* 1 OR 2017-11-16
cpe:2.3:h:epson:px-m840f:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:epson:px-m840fx_firmware:*:*:*:*:*:*:*:* 1 OR 2017-12-08
cpe:2.3:h:epson:px-m840fx:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:epson:px-m860f_firmware:*:*:*:*:*:*:*:* 1 OR 2017-10-25
cpe:2.3:h:epson:px-m860f:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:epson:px-s05b_firmware:*:*:*:*:*:*:*:* 1 OR 2018-03-09
cpe:2.3:h:epson:px-s05b:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:epson:px-s05w_firmware:*:*:*:*:*:*:*:* 1 OR 2018-03-09
cpe:2.3:h:epson:px-s05w:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:epson:px-s350_firmware:*:*:*:*:*:*:*:* 1 OR 2018-02-23
cpe:2.3:h:epson:px-s350:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:epson:px-s5040_firmware:*:*:*:*:*:*:*:* 1 OR 2017-11-20
cpe:2.3:h:epson:px-s5040:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:epson:px-s7050_firmware:*:*:*:*:*:*:*:* 1 OR 2018-02-21
cpe:2.3:h:epson:px-s7050:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:epson:px-s7050ps_firmware:*:*:*:*:*:*:*:* 1 OR 2018-02-21
cpe:2.3:h:epson:px-s7050ps:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:epson:px-s7050x_firmware:*:*:*:*:*:*:*:* 1 OR 2017-11-07
cpe:2.3:h:epson:px-s7050x:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:epson:px-s7070x_firmware:*:*:*:*:*:*:*:* 1 OR 2017-04-27
cpe:2.3:h:epson:px-s7070x:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:epson:px-s740_firmware:*:*:*:*:*:*:*:* 1 OR 2017-12-03
cpe:2.3:h:epson:px-s740:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:epson:px-s840_firmware:*:*:*:*:*:*:*:* 1 OR 2017-11-16
cpe:2.3:h:epson:px-s840:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:epson:px-s840x_firmware:*:*:*:*:*:*:*:* 1 OR 2017-12-08
cpe:2.3:h:epson:px-s840x:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:epson:px-s860_firmware:*:*:*:*:*:*:*:* 1 OR 2017-12-07
cpe:2.3:h:epson:px-s860:-:*:*:*:*:*:*:* 0 OR
CVSS Version 2
  • Version
  • 2.0
  • Vector String
  • AV:N/AC:M/Au:N/C:P/I:P/A:P
  • Access Vector
  • NETWORK
  • Access Compatibility
  • MEDIUM
  • Authentication
  • NONE
  • Confidentiality Impact
  • PARTIAL
  • Integrity Impact
  • PARTIAL
  • Availability Impact
  • PARTIAL
  • Base Score
  • 6.8
  • Severity
  • MEDIUM
  • Exploitability Score
  • 8.6
  • Impact Score
  • 6.4
CVSS Version 3
  • Version
  • 3.0
  • Vector String
  • CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  • Attack Vector
  • NETWORK
  • Attack Compatibility
  • LOW
  • Privileges Required
  • NONE
  • User Interaction
  • REQUIRED
  • Scope
  • UNCHANGED
  • Confidentiality Impact
  • HIGH
  • Availability Impact
  • HIGH
  • Base Score
  • 8.8
  • Base Severity
  • HIGH
  • Exploitability Score
  • 2.8
  • Impact Score
  • 5.9
References
Reference URL Reference Tags
https://www.epson.jp/support/misc/20181203_oshirase.htm Vendor Advisory
https://jvn.jp/en/jp/JVN89767228/index.html VDB Entry Third Party Advisory
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2018-0689
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0689
History
Created Old Value New Value Data Type Notes
2022-05-10 07:58:37 Added to TrackCVE
2022-12-03 16:12:20 2019-01-09T23:29Z 2019-01-09T23:29:01 CVE Published Date updated
2022-12-03 16:12:20 2019-02-15T16:47:50 CVE Modified Date updated
2022-12-03 16:12:20 Analyzed Vulnerability Status updated