CVE-2018-19232

Name of the Vulnerable Software and Affected Versions Epson WorkForce WF-2861 version 10.48 LQ22I3(Recovery-mode) Epson WorkForce WF-2861 version 10.51.LQ20I6 Epson WorkForce WF-2861 version 10.52.LQ17IA

Description The issue allows remote attackers to cause a denial of service. This can be achieved via a FIRMWAREUPDATE GET request. For example, the "/DOWN/FIRMWAREUPDATE/ROM1" URI is vulnerable.

Recommendations For Epson WorkForce WF-2861 version 10.48 LQ22I3(Recovery-mode), restrict access to the FIRMWAREUPDATE GET request to minimize the risk of exploitation. For Epson WorkForce WF-2861 version 10.51.LQ20I6, avoid using the /DOWN/FIRMWAREUPDATE/ROM1 URI until the issue is resolved. For Epson WorkForce WF-2861 version 10.52.LQ17IA, consider disabling the FIRMWAREUPDATE functionality until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.