cvelistv5 - cve-2026-23767

CVE-2026-23767 (GCVE-0-2026-23767)

Vulnerability from cvelistv5

Published

2026-03-05 05:34

Modified

2026-03-06 10:21

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-306 - Missing authentication for critical function

Summary

ESC/POS, a printer control language designed by Seiko Epson Corporation, lacks mechanisms for user authentication and command authorization, does not provide controls to restrict sources or destinations of network communication, and transmits commands without encryption or integrity protection.

References

URL

Tags

	https://www.epson.jp/support/misc_t/260305_oshirase.htm
	https://download4.epson.biz/sec_pubs/bs/pdf/IP_Filtering_Guide_en_revA.pdf
	https://jvn.jp/en/ta/JVNTA97995322/

Impacted products

	Vendor	Product	Version
	Seiko Epson Corporation	ESC/POS	Version: All products implementing ESC/POS

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-23767",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-06T10:20:45.963541Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-06T10:21:28.591Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "ESC/POS",
          "vendor": "Seiko Epson Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "All products implementing ESC/POS"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "ESC/POS, a printer control language designed by Seiko Epson Corporation, lacks mechanisms for user authentication and command authorization, does not provide controls to restrict sources or destinations of network communication, and transmits commands without encryption or integrity protection."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-306",
              "description": "Missing authentication for critical function",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-05T05:34:40.895Z",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "url": "https://www.epson.jp/support/misc_t/260305_oshirase.htm"
        },
        {
          "url": "https://download4.epson.biz/sec_pubs/bs/pdf/IP_Filtering_Guide_en_revA.pdf"
        },
        {
          "url": "https://jvn.jp/en/ta/JVNTA97995322/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2026-23767",
    "datePublished": "2026-03-05T05:34:40.895Z",
    "dateReserved": "2026-01-16T02:20:20.477Z",
    "dateUpdated": "2026-03-06T10:21:28.591Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 9.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-23767\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-03-06T10:20:45.963541Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-03-06T10:21:23.132Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"Seiko Epson Corporation\", \"product\": \"ESC/POS\", \"versions\": [{\"status\": \"affected\", \"version\": \"All products implementing ESC/POS\"}]}], \"references\": [{\"url\": \"https://www.epson.jp/support/misc_t/260305_oshirase.htm\"}, {\"url\": \"https://download4.epson.biz/sec_pubs/bs/pdf/IP_Filtering_Guide_en_revA.pdf\"}, {\"url\": \"https://jvn.jp/en/ta/JVNTA97995322/\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"ESC/POS, a printer control language designed by Seiko Epson Corporation, lacks mechanisms for user authentication and command authorization, does not provide controls to restrict sources or destinations of network communication, and transmits commands without encryption or integrity protection.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en-US\", \"type\": \"CWE\", \"cweId\": \"CWE-306\", \"description\": \"Missing authentication for critical function\"}]}], \"providerMetadata\": {\"orgId\": \"ede6fdc4-6654-4307-a26d-3331c018e2ce\", \"shortName\": \"jpcert\", \"dateUpdated\": \"2026-03-05T05:34:40.895Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2026-23767\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-03-06T10:21:28.591Z\", \"dateReserved\": \"2026-01-16T02:20:20.477Z\", \"assignerOrgId\": \"ede6fdc4-6654-4307-a26d-3331c018e2ce\", \"datePublished\": \"2026-03-05T05:34:40.895Z\", \"assignerShortName\": \"jpcert\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

cve-2026-23767

Vulnerability from jvndb

Published

2026-03-06 10:31

Modified

2026-03-06 10:31

Summary

Security issues in ESC/POS

Details

ESC/POS is a printer control language designed by Seiko Epson Corporation for controlling POS printers and related devices. The following security issues have been identified with ESC/POS. Products implementing ESC/POS need to be designed and operated with consideration of the following security issues: Missing authentication for critical function (CWE-306) ESC/POS does not define any mechanisms for user authentication or command authorization. Consequently, printers accepting ESC/POS commands over a network have no restrictions on connections, allowing commands to be sent from any host on the network. Improper access control (CWE-284) ESC/POS does not define any mechanisms to restrict origins or destinations of communication. Many printers listen for ESC/POS communication on TCP port 9100 by default, potentially allowing access from any host on the network. Cleartext transmission of sensitive information (CWE-319) ESC/POS command transmission does not provide encryption or integrity protection mechanisms, and communicate is performed in plaintext. Consequently, attackers on the same network could be able to intercept or tamper with transmitted data. JPCERT/CC has assigned CVE-2026-23767 to the vulnerability originating from the ESC/POS specification. This document was written by Seiko Epson Corporation and JPCERT/CC. The issue regarding the lack of an authentication mechanism was reported to Seiko Epson Corporation by Michael Cook (FutileSkills), and coordinated by JPCERT/CC.

References

Type

URL

	JVN	https://jvn.jp/en/ta/JVNTA97995322/index.html
	CVE	https://www.cve.org/CVERecord?id=CVE-2026-23767
	Improper Access Control(CWE-284)	https://cwe.mitre.org/data/definitions/284.html
	Missing Authentication for Critical Function(CWE-306)	https://cwe.mitre.org/data/definitions/306.html
	Cleartext Transmission of Sensitive Information(CWE-319)	https://cwe.mitre.org/data/definitions/319.html

Impacted products

Vendor

Product

SEIKO EPSON CORPORATION

(Multiple Products)

Show details on JVN DB website