PT-2024-10736 · Epson · Epson Expression Home Xp255

Jasper Nota +2 · Published 2024-11-07 · Updated 2024-11-10 · CVE-2019-20460

CVSS v3.1: 8.8 (High)

Vector: AV:A/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Epson Expression Home XP255 version 20.08.FM10I8

Description

An issue was discovered where POST requests do not require anti-CSRF tokens or other mechanisms for validating that the request is from a legitimate source. This allows for CSRF attacks to be used to send text directly to the RAW printer interface, potentially delivering unwanted printouts to end users.

Recommendations

For Epson Expression Home XP255 version 20.08.FM10I8, consider disabling the ability to send POST requests to the printer interface until a patch is available. Restrict access to the printer's RAW interface to minimize the risk of exploitation. Update to the latest firmware as soon as it becomes available to mitigate this issue.

Fix

CSRF

Weakness Enumeration

Related Identifiers

CVE-2019-20460

Affected Products

Epson Expression Home Xp255