TALOS-2020-1011


Summary


An exploitable authentication bypass vulnerability exists in the EPSON Web Control functionality of Epson EB-1470Ui MAIN: 98009273ESWWV107 MAIN2: 8X7325WWV303. A specially crafted series of HTTP requests can cause an authentication bypass, resulting in information disclosure. An attacker can send an HTTP request to trigger this vulnerability.


Tested Versions


Epson EB-1470Ui MAIN: 98009273ESWWV107 MAIN2: 8X7325WWV303


Product URLs


https://www.epson.eu/products/projectors/ultra-short-distance/eb-1470ui


CVSSv3 Score


9.8 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H


CWE


CWE-288 - Authentication Bypass Using an Alternate Path or Channel


Details


The Epson EB-1470Ui projector is a wide-screen interactive projector with high WUXGA resolution that can be used for collaboration and for sharing an on-screen display. It features multiple ways of accessing and sharing content, including touch or gesture, and also adds the ability to collaborate over a networked connection, including WiFi.


The EPSON Web Control interface shipping with this projector model is vulnerable to an authentication bypass: visiting specific unauthenticated URLs, noted below, gives access to device settings and grants full read/write access to the configuration.


The following pages were found to be accessible:


To change the date and time, the following URL can be accessed:


http://[PROJECTOR IP]/cgi-bin/webconf?page=23

To view information about the projector, the following URL can be accessed:


http://[PROJECTOR IP]/cgi-bin/webconf?page=5

To modify primary configuration details such as the IP configuration and the users connected to email or Active Directory, the following URL can be accessed:


http://[ ..
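
A detection sketch for the exposure described above, added here as an example (it is not part of the advisory or of Epson's software): it scans HTTP records from a network sensor or proxy for successful loads of /cgi-bin/webconf pages by hosts outside an admin allowlist. The log format, addresses, allowlist and function name are constructed assumptions.

```python
import ipaddress
from urllib.parse import parse_qs, unquote, urlsplit

# Page numbers named in the advisory; any other value is reported as unlisted.
KNOWN_PAGES = {"23": "date/time settings", "5": "projector information"}

# Assumption: management stations that are allowed to reach the web UI.
ADMIN_NETS = [ipaddress.ip_network("10.20.0.0/28")]

# Constructed records: "<timestamp> <src_ip> <dst_ip> <method> <uri> <status>"
SAMPLE_LOG = """\
2020-03-02T09:14:07Z 10.20.0.5 10.30.1.40 GET /cgi-bin/webconf?page=5 200
2020-03-02T09:15:31Z 10.44.7.19 10.30.1.40 GET /cgi-bin/webconf?page=23 200
2020-03-02T09:15:40Z 10.44.7.19 10.30.1.40 GET /cgi-bin/webconf?lang=en&page=5 200
2020-03-02T09:16:02Z 10.44.7.19 10.30.1.40 GET /cgi-bin/webconf?page=11 200
2020-03-02T09:17:45Z 10.44.7.23 10.30.1.40 GET /index.html 200
2020-03-02T09:18:10Z 10.44.7.23 10.30.1.40 GET /cgi-bin/webconf?page=23 401
"""

def find_webconf_access(log_text, admin_nets=ADMIN_NETS):
    """Return alerts for successful webconf page loads from non-admin hosts."""
    alerts = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 6:
            continue  # skip malformed records rather than guessing
        ts, src, dst, _method, uri, status = fields
        parts = urlsplit(uri)
        # Normalise the path so encoded or mixed-case forms still match.
        if unquote(parts.path).lower() != "/cgi-bin/webconf":
            continue
        pages = parse_qs(parts.query).get("page", [])
        if not pages or not status.startswith("2"):
            continue  # no page requested, or the request was refused
        if any(ipaddress.ip_address(src) in net for net in admin_nets):
            continue  # expected administrative access
        page = pages[-1]
        alerts.append({"time": ts, "src": src, "projector": dst, "page": page,
                       "what": KNOWN_PAGES.get(page, "unlisted page")})
    return alerts

if __name__ == "__main__":
    for alert in find_webconf_access(SAMPLE_LOG):
        print(alert)
```
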
