CVE-2018-18959

Name of the Vulnerable Software and Affected Versions Epson WorkForce WF-2861 versions 10.48 LQ22I3, 10.51.LQ20I6, 10.52.LQ17IA

Description An issue was discovered where the device no longer functions until a reboot when the data for 'Bonjour Service Location' at the "/PRESENTATION/BONJOUR" API endpoint is more than 251 bytes when sending data for Air Print Setting on the 'Air Print Setting' web page.

Recommendations For version 10.48 LQ22I3, avoid using the 'Air Print Setting' web page with 'Bonjour Service Location' data exceeding 251 bytes until a fix is available. For version 10.51.LQ20I6, restrict access to the "/PRESENTATION/BONJOUR" API endpoint to prevent sending large data for 'Bonjour Service Location' until a patch is released. For version 10.52.LQ17IA, consider disabling the 'Air Print Setting' feature temporarily to minimize the risk of device malfunction until the issue is resolved.