CVE-2019-20458

{"id": "CVE-2019-20458", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2024-11-07T18:15:15.170", "references": [{"url": "https://epson.com/Support/wa00826", "source": "cve@mitre.org"}, {"url": "https://seclists.org/fulldisclosure/2024/Jul/14", "source": "cve@mitre.org"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-276"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered on Epson Expression Home XP255 20.08.FM10I8 devices. By default, the device comes (and functions) without a password. The user is at no point prompted to set up a password on the device (leaving a number of devices without a password). In this case, anyone connecting to the web admin panel is capable of becoming admin without using any credentials."}, {"lang": "es", "value": "Se ha descubierto un problema en los dispositivos Epson Expression Home XP255 20.08.FM10I8. De forma predeterminada, el dispositivo viene (y funciona) sin contrase\u00f1a. En ning\u00fan momento se le solicita al usuario que configure una contrase\u00f1a en el dispositivo (lo que deja varios dispositivos sin contrase\u00f1a). En este caso, cualquier persona que se conecte al panel de administraci\u00f3n web puede convertirse en administrador sin usar ninguna credencial."}], "lastModified": "2024-11-08T19:01:03.880", "sourceIdentifier": "cve@mitre.org"}