All the vulnerabilites related to Zebra Technologies - ZTC ZT410
cve-2023-4957
Vulnerability from cvelistv5
Published
2023-10-11 13:21
Modified
2024-09-05 18:06
Severity ?
EPSS score ?
Summary
Authentication Bypass on Zebra ZTC
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Zebra Technologies | ZTC ZT410 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:44:53.296Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso-sci/authentication-bypass-zebra-ztc"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4957",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-05T18:02:24.582285Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-05T18:06:06.703Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ZTC ZT410",
"vendor": "Zebra Technologies",
"versions": [
{
"status": "affected",
"version": "203dpi ZPL 18J150703184"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "David C\u00e1mara Galindo"
}
],
"datePublic": "2023-10-11T10:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": " A vulnerability of authentication bypass has been found on a Zebra Technologies ZTC ZT410-203dpi ZPL printer. This vulnerability allows an attacker that is in the same network as the printer, to change the username and password for the Web Page by sending a specially crafted POST request to the setvarsResults.cgi file. For this vulnerability to be exploitable, the printers protected mode must be disabled."
}
],
"value": " A vulnerability of authentication bypass has been found on a Zebra Technologies ZTC ZT410-203dpi ZPL printer. This vulnerability allows an attacker that is in the same network as the printer, to change the username and password for the Web Page by sending a specially crafted POST request to the setvarsResults.cgi file. For this vulnerability to be exploitable, the printers protected mode must be disabled."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288: Authentication Bypass Using an Alternate Path or Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-11T13:21:32.613Z",
"orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"shortName": "INCIBE"
},
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso-sci/authentication-bypass-zebra-ztc"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Zebra Printers running Link-OS v6.0 and later have a protected mode that protects the printer from this vulnerability. Activating this mode disables unauthorized changes and locks the current configuration until an administrator authorizes updates. By default, the secure mode is disabled as it is necessary to generate a password first. NOTE: the ZT410 industrial printer was discontinued on Oct 1st, 2020. The service and Support discontinuation dates are in September and December 2025 depending on region. Further information regarding security settings and best practices, including \u201cProtected Mode\u201d, can be found in the references."
}
],
"value": "Zebra Printers running Link-OS v6.0 and later have a protected mode that protects the printer from this vulnerability. Activating this mode disables unauthorized changes and locks the current configuration until an administrator authorizes updates. By default, the secure mode is disabled as it is necessary to generate a password first. NOTE: the ZT410 industrial printer was discontinued on Oct 1st, 2020. The service and Support discontinuation dates are in September and December 2025 depending on region. Further information regarding security settings and best practices, including \u201cProtected Mode\u201d, can be found in the references."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Authentication Bypass on Zebra ZTC",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"assignerShortName": "INCIBE",
"cveId": "CVE-2023-4957",
"datePublished": "2023-10-11T13:21:32.613Z",
"dateReserved": "2023-09-14T07:08:37.883Z",
"dateUpdated": "2024-09-05T18:06:06.703Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}