Thursday, May 21, 2020

Vulnerability Spotlight: Authentication bypass vulnerability in some Epson projectors

Yuri Kramarz of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw.

The Epson EB-1470UI Projector contains an authentication bypass vulnerability in its web control functionality. This projector allows users to control it over the web. However, an adversary could trick a
user into opening a specifically crafted web page, which would allow the attacker to bypass authentication and giving them full read/write configuration access.

Cisco Talos is disclosing this vulnerability after Epson did not patch it per Cisco’s 90-day deadline. After initially acknowledging receipt of the issue, Talos was unable to get a reply from the vendor to any follow-up requests. Update: Epson has patched this issue in October 2020, please click here for the patch and the list of impacted devices. Read more about the Cisco vulnerability disclosure policy here.

Vulnerability details

Epson EB-1470Ui EPSON web control authentication bypass vulnerability (TALOS-2020-1011/CVE-2020-6091)

An exploitable authentication bypass vulnerability exists in the ESPON Web Control functionality of Epson EB-1470Ui MAIN: 98009273ESWWV107 MAIN2: 8X7325WWV303. A specially crafted series of HTTP requests can cause authentication bypass, resulting in information disclosure. An attacker can send an HTTP request to trigger this vulnerability.

Read the complete vulnerability advisory here for additional information. 

Versions tested

Talos tested and confirmed that this vulnerability affects the Epson EB-1470Ui, MAIN: 98009273ESWWV107, MAIN2: 8X7325WWV303.

Coverage

The following SNORTⓇ rules will detect exploitation attempts. Note that additional rules may be released at a future date and current rules are subject to change pending additional vulnerability information. For the most current rule information, please refer to your Firepower Management Center or Snort.org.

Snort Rules: 53069, 53070

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.