JVNDB-2026-006102
Vulnerability from jvndb - Published: 2026-03-06 10:31 - Updated: 2026-03-06 10:31
Summary
Security issues in ESC/POS
Details
ESC/POS is a printer control language designed by Seiko Epson Corporation for controlling POS printers and related devices. The following security issues have been identified with ESC/POS.
Products implementing ESC/POS need to be designed and operated with consideration of the following security issues:
Missing authentication for critical function (CWE-306)
ESC/POS does not define any mechanisms for user authentication or command authorization. Consequently, printers accepting ESC/POS commands over a network have no restrictions on connections, allowing commands to be sent from any host on the network.
Improper access control (CWE-284)
ESC/POS does not define any mechanisms to restrict origins or destinations of communication. Many printers listen for ESC/POS communication on TCP port 9100 by default, potentially allowing access from any host on the network.
Cleartext transmission of sensitive information (CWE-319)
ESC/POS command transmission does not provide encryption or integrity protection mechanisms, and communication is performed in plaintext. Consequently, attackers on the same network may be able to intercept or tamper with transmitted data.
JPCERT/CC has assigned CVE-2026-23767 to the vulnerability originating from the ESC/POS specification.
This document was written by Seiko Epson Corporation and JPCERT/CC.
The issue regarding the lack of an authentication mechanism was reported to Seiko Epson Corporation by Michael Cook (FutileSkills), and coordinated by JPCERT/CC.
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2026/JVNDB-2026-006102.html",
"dc:date": "2026-03-06T10:31+09:00",
"dcterms:issued": "2026-03-06T10:31+09:00",
"dcterms:modified": "2026-03-06T10:31+09:00",
"description": "ESC/POS is a printer control language designed by Seiko Epson Corporation for controlling POS printers and related devices. The following security issues have been identified with ESC/POS.\r\nProducts implementing ESC/POS need to be designed and operated with consideration of the following security issues:\r\n\r\nMissing authentication for critical function (CWE-306)\r\nESC/POS does not define any mechanisms for user authentication or command authorization. Consequently, printers accepting ESC/POS commands over a network have no restrictions on connections, allowing commands to be sent from any host on the network.\r\n\r\nImproper access control (CWE-284)\r\nESC/POS does not define any mechanisms to restrict origins or destinations of communication. Many printers listen for ESC/POS communication on TCP port 9100 by default, potentially allowing access from any host on the network.\r\n\r\nCleartext transmission of sensitive information (CWE-319)\r\nESC/POS command transmission does not provide encryption or integrity protection mechanisms, and communicate is performed in plaintext. Consequently, attackers on the same network could be able to intercept or tamper with transmitted data.\r\n\r\nJPCERT/CC has assigned CVE-2026-23767 to the vulnerability originating from the ESC/POS specification.\r\nThis document was written by Seiko Epson Corporation and JPCERT/CC.\r\nThe issue regarding the lack of an authentication mechanism was reported to Seiko Epson Corporation by Michael Cook (FutileSkills), and coordinated by JPCERT/CC.",
"link": "https://jvndb.jvn.jp/en/contents/2026/JVNDB-2026-006102.html",
"sec:cpe": {
"#text": "cpe:/a:epson:multiple_product",
"@product": "(Multiple Products)",
"@vendor": "SEIKO EPSON CORPORATION",
"@version": "2.2"
},
"sec:identifier": "JVNDB-2026-006102",
"sec:references": [
{
"#text": "https://jvn.jp/en/ta/JVNTA97995322/index.html",
"@id": "JVNTA#97995322",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2026-23767",
"@id": "CVE-2026-23767",
"@source": "CVE"
},
{
"#text": "https://cwe.mitre.org/data/definitions/284.html",
"@id": "CWE-284",
"@title": "Improper Access Control(CWE-284)"
},
{
"#text": "https://cwe.mitre.org/data/definitions/306.html",
"@id": "CWE-306",
"@title": "Missing Authentication for Critical Function(CWE-306)"
},
{
"#text": "https://cwe.mitre.org/data/definitions/319.html",
"@id": "CWE-319",
"@title": "Cleartext Transmission of Sensitive Information(CWE-319)"
}
],
"title": "Security issues in ESC/POS"
}