cvedb.io
CVE-2018-19248
CRITICAL · CVSS 9.1
EPSS exploitation probability: 0%
Published 2018-12-24T17:29:00.457 · Last modified 2026-06-17T01:49:02.600

Summary

The web service on Epson WorkForce WF-2861 10.48 LQ22I3(Recovery-mode), WF-2861 10.51.LQ20I6, and WF-2861 10.52.LQ17IA devices allows remote attackers to upload a firmware file and reset the printer without authentication by making a request to the /DOWN/FIRMWAREUPDATE/ROM1 URI and a POST request to the /FIRMWAREUPDATE URI.

Affected products

epson — epson_workforce_wf-2861_firmware

Does this affect you?

Add your gear to cvedb and we'll alert you only when epson ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.