PT-2023-31261 · Zebra Technologies · Ztc Zt410-203Dpi Zpl Printer

David Cámara Galindo · Published 2023-10-11 · Updated 2025-08-28 · CVE-2023-4957

CVSS v3.1: 5.4 (Medium)

Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Zebra Technologies ZTC ZT410-203dpi ZPL printer (affected versions not specified)

Description

A vulnerability has been found that allows an attacker on the same network as the printer to bypass authentication. This is achieved by sending a specially crafted POST request to the "setvarsResults.cgi" file, enabling the attacker to change the username and password for the Web Page. The printer's protected mode must be disabled for this vulnerability to be exploitable.

Recommendations

For the Zebra Technologies ZTC ZT410-203dpi ZPL printer, consider enabling the protected mode to prevent exploitation until a fix is available. As a temporary workaround, restrict access to the "setvarsResults.cgi" file to minimize the risk of exploitation. Avoid using the printer on a network where the protected mode is disabled until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
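To check that the access restriction recommended above is holding, the following added example (not part of the original advisory or any vendor tooling) scans web-filter or reverse-proxy access logs for POST requests to "setvarsResults.cgi" that come from outside an allowed management network. The log format, URL paths, addresses and the `ADMIN_NETS` subnet are constructed assumptions.

```python
import ipaddress
import re

TARGET = "setvarsresults.cgi"  # file named in the advisory, compared lower-cased
# Hypothetical management subnet allowed to change printer settings (assumption).
ADMIN_NETS = [ipaddress.ip_network("10.20.0.0/28")]

# Constructed sample lines in common log format (not real traffic); the URL
# paths are placeholders, the advisory gives only the file name.
SAMPLE_LOG = """\
10.20.0.5 - - [11/Oct/2023:09:14:02 +0000] "GET /index.html HTTP/1.1" 200 5120
10.20.0.5 - - [11/Oct/2023:09:15:40 +0000] "POST /setvarsResults.cgi HTTP/1.1" 200 812
10.20.7.44 - - [11/Oct/2023:11:02:19 +0000] "POST /setvarsResults.cgi HTTP/1.1" 200 812
10.20.7.44 - - [11/Oct/2023:11:02:25 +0000] "GET /setvarsResults.cgi?x=1 HTTP/1.1" 200 640
10.20.9.12 - - [11/Oct/2023:12:30:00 +0000] "POST /some/dir/SETVARSRESULTS.CGI HTTP/1.1" 403 0
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')


def is_admin(src, admin_nets):
    """True if src is an IP address inside an allowed management network."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:  # hostname or malformed field: treat as not allowed
        return False
    return any(addr in net for net in admin_nets)


def find_suspect_posts(log_text, admin_nets=ADMIN_NETS):
    """Return POSTs to the settings CGI that come from outside admin_nets."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        src, ts, method, url, status = m.groups()
        path = url.split("?", 1)[0].lower()  # drop query string, ignore case
        if method.upper() != "POST" or not path.endswith("/" + TARGET):
            continue
        if is_admin(src, admin_nets):
            continue
        # A 2xx status means the access restriction did not stop the request.
        hits.append({"src": src, "time": ts, "allowed": status.startswith("2")})
    return hits


if __name__ == "__main__":
    for hit in find_suspect_posts(SAMPLE_LOG):
        print(hit)
```

A hit with `allowed` set to true is the case to investigate first: compare the printer's Web Page credentials against the expected values and confirm that protected mode is enabled.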

Authentication Bypass Using an Alternate Path or Channel

Weakness Enumeration

Related Identifiers

CVE-2023-4957

Affected Products

Ztc Zt410-203Dpi Zpl Printer