Vulnerabilities related to zebra - zt410
Vulnerability from fkie_nvd
Published
2019-08-20 21:15
Modified
2024-11-21 04:20
Summary
Zebra Industrial Printers All Versions, Zebra printers are shipped with unrestricted end-user access to front panel options. If the option to use a passcode to limit the functionality of the front panel is applied, specially crafted packets could be sent over the same network to a port on the printer and the printer will respond with an array of information that includes the front panel passcode for the printer. Once the passcode is retrieved, an attacker must have physical access to the front panel of the printer to enter the passcode to access the full functionality of the front panel.
References
ics-cert@hq.dhs.gov | https://www.us-cert.gov/ics/advisories/icsa-19-232-01 | Mitigation, Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108 | https://www.us-cert.gov/ics/advisories/icsa-19-232-01 | Mitigation, Third Party Advisory, US Government Resource



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:zebra:zt610_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A119F6D7-D88E-4FD1-8408-A35991E26780",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:zebra:zt610:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D1917FD-8BD8-487B-AC8B-A768E1C1855E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:zebra:zt620_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CDA1D4DE-85F7-476A-8CDE-A5BDC7CA4EAB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:zebra:zt620:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "658E480E-68A8-4C5D-A4F2-BB6AA7949C3B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:zebra:zt510_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "335FE90A-899E-4BA7-84DD-33EEB5A51EE6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:zebra:zt510:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CDF177D2-B910-4382-92FC-F373D7A39A65",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:zebra:zt410_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D8E7D44-FA01-4F80-B5E2-6986CF68EFEB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:zebra:zt410:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D8C8D38-0086-4586-83CA-FA7B5D4AF882",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:zebra:zt420_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "03512F69-95D2-42F8-A8A9-3E61AE61D53B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:zebra:zt420:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9AE954D7-60E8-43CC-A053-000E1B5832C8",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:zebra:zt220_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C480FC73-3803-4945-86FD-3069148DAD81",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:zebra:zt220:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3374C0AA-612B-4373-ADB3-AD0E9BFCE24E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:zebra:zt230_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF0710CF-57D2-414A-97AB-3DBCD8BAB7D4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:zebra:zt230:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C73A0C8F-0811-454F-BCAB-26434BAB7912",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:zebra:220xi4_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7099010-4BBC-4986-8C7C-823FA37649D9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:zebra:220xi4:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E82AFA9-C1C0-4358-A3BB-7F1BBE2C8053",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Zebra Industrial Printers All Versions, Zebra printers are shipped with unrestricted end-user access to front panel options. If the option to use a passcode to limit the functionality of the front panel is applied, specially crafted packets could be sent over the same network to a port on the printer and the printer will respond with an array of information that includes the front panel passcode for the printer. Once the passcode is retrieved, an attacker must have physical access to the front panel of the printer to enter the passcode to access the full functionality of the front panel."
    },
    {
      "lang": "es",
      "value": "Impresoras industriales Zebra Todas las versiones, las impresoras Zebra se env\u00edan con acceso ilimitado del usuario final a las opciones del panel frontal. Si se aplica la opci\u00f3n de usar un c\u00f3digo de acceso para limitar la funcionalidad del panel frontal, se pueden enviar paquetes especialmente dise\u00f1ados a trav\u00e9s de la misma red a un puerto de la impresora y la impresora responder\u00e1 con una variedad de informaci\u00f3n que incluye el c\u00f3digo de acceso del panel frontal para la impresora Una vez que se recupera el c\u00f3digo de acceso, un atacante debe tener acceso f\u00edsico al panel frontal de la impresora para ingresar el c\u00f3digo de acceso y acceder a la funcionalidad completa del panel frontal."
    }
  ],
  "id": "CVE-2019-10960",
  "lastModified": "2024-11-21T04:20:14.350",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-08-20T21:15:12.137",
  "references": [
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Mitigation",
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.us-cert.gov/ics/advisories/icsa-19-232-01"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mitigation",
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.us-cert.gov/ics/advisories/icsa-19-232-01"
    }
  ],
  "sourceIdentifier": "ics-cert@hq.dhs.gov",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-522"
        }
      ],
      "source": "ics-cert@hq.dhs.gov",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-522"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2023-10-11 14:15
Modified
2025-08-28 08:15
Summary
An authentication bypass vulnerability has been found on a Zebra Technologies ZTC ZT410-203dpi ZPL printer. This vulnerability allows an attacker on the same network as the printer to change the username and password for the Web Page by sending a specially crafted POST request to the setvarsResults.cgi file. For this vulnerability to be exploitable, the printer's protected mode must be disabled.
Impacted products
Vendor Product Version
zebra zt410_firmware -
zebra zt410 -



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:zebra:zt410_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "65BC1222-C5EB-4A4A-B1B1-3140D902D797",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:zebra:zt410:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFB9B490-0581-4AFD-9305-56F28FEE4479",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability of authentication bypass has been found on a Zebra Technologies ZTC ZT410-203dpi ZPL printer. This vulnerability allows an attacker that is in the same network as the printer, to change the username and password for the Web Page by sending a specially crafted POST request to the setvarsResults.cgi file. For this vulnerability to be exploitable, the printers protected mode must be disabled."
    },
    {
      "lang": "es",
      "value": "Se ha encontrado una vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n en una impresora ZPL ZTC ZT410-203dpi de Zebra Technologies. Esta vulnerabilidad permite a un atacante que se encuentra en la misma red que la impresora, cambiar el nombre de usuario y la contrase\u00f1a de la p\u00e1gina web enviando una solicitud POST especialmente manipulada al archivo setvarsResults.cgi. Para que esta vulnerabilidad sea explotable, el modo protegido de la impresora debe estar desactivado."
    }
  ],
  "id": "CVE-2023-4957",
  "lastModified": "2025-08-28T08:15:29.560",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.5,
        "source": "cve-coordination@incibe.es",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-10-11T14:15:10.047",
  "references": [
    {
      "source": "cve-coordination@incibe.es",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.incibe.es/en/incibe-cert/notices/aviso-sci/authentication-bypass-zebra-ztc"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.incibe.es/en/incibe-cert/notices/aviso-sci/authentication-bypass-zebra-ztc"
    }
  ],
  "sourceIdentifier": "cve-coordination@incibe.es",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-288"
        }
      ],
      "source": "cve-coordination@incibe.es",
      "type": "Secondary"
    }
  ]
}

var-201908-1827
Vulnerability from variot

Zebra Industrial Printers All Versions, Zebra printers are shipped with unrestricted end-user access to front panel options. If the option to use a passcode to limit the functionality of the front panel is applied, specially crafted packets could be sent over the same network to a port on the printer and the printer will respond with an array of information that includes the front panel passcode for the printer. Once the passcode is retrieved, an attacker must have physical access to the front panel of the printer to enter the passcode to access the full functionality of the front panel. Zebra Industrial Printer contains vulnerabilities related to certificate and password management. Information may be obtained.



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201908-1827",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "zt420",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "zebra",
        "version": "*"
      },
      {
        "model": "zt410",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "zebra",
        "version": "*"
      },
      {
        "model": "zt230",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "zebra",
        "version": "*"
      },
      {
        "model": "zt510",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "zebra",
        "version": "*"
      },
      {
        "model": "zt610",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "zebra",
        "version": "*"
      },
      {
        "model": "zt620",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "zebra",
        "version": "*"
      },
      {
        "model": "zt220",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "zebra",
        "version": "*"
      },
      {
        "model": "220xi4",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "zebra",
        "version": "*"
      },
      {
        "model": "zt220",
        "scope": null,
        "trust": 0.8,
        "vendor": "zebra corp",
        "version": null
      },
      {
        "model": "zt220xi4",
        "scope": null,
        "trust": 0.8,
        "vendor": "zebra corp",
        "version": null
      },
      {
        "model": "zt230",
        "scope": null,
        "trust": 0.8,
        "vendor": "zebra corp",
        "version": null
      },
      {
        "model": "zt410",
        "scope": null,
        "trust": 0.8,
        "vendor": "zebra corp",
        "version": null
      },
      {
        "model": "zt420",
        "scope": null,
        "trust": 0.8,
        "vendor": "zebra corp",
        "version": null
      },
      {
        "model": "zt510",
        "scope": null,
        "trust": 0.8,
        "vendor": "zebra corp",
        "version": null
      },
      {
        "model": "zt610",
        "scope": null,
        "trust": 0.8,
        "vendor": "zebra corp",
        "version": null
      },
      {
        "model": "zt620",
        "scope": null,
        "trust": 0.8,
        "vendor": "zebra corp",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-008644"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-10960"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:zebra:zt220_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:zebra:220xi4_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:zebra:zt230_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:zebra:zt410_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:zebra:zt420_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:zebra:zt510_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:zebra:zt610_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:zebra:zt620_firmware",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-008644"
      }
    ]
  },
  "cve": "CVE-2019-10960",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2019-10960",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-142559",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "id": "CVE-2019-10960",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2019-10960",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2019-10960",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2019-10960",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201908-1355",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-142559",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-142559"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-008644"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201908-1355"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-10960"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Zebra Industrial Printers All Versions, Zebra printers are shipped with unrestricted end-user access to front panel options. If the option to use a passcode to limit the functionality of the front panel is applied, specially crafted packets could be sent over the same network to a port on the printer and the printer will respond with an array of information that includes the front panel passcode for the printer. Once the passcode is retrieved, an attacker must have physical access to the front panel of the printer to enter the passcode to access the full functionality of the front panel. Zebra Industrial Printer Contains vulnerabilities related to certificate and password management.Information may be obtained",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-10960"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-008644"
      },
      {
        "db": "VULHUB",
        "id": "VHN-142559"
      }
    ],
    "trust": 1.71
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-10960",
        "trust": 2.5
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-19-232-01",
        "trust": 2.5
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-008644",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201908-1355",
        "trust": 0.7
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.3183",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-142559",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-142559"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-008644"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201908-1355"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-10960"
      }
    ]
  },
  "id": "VAR-201908-1827",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-142559"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T22:48:19.213000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "https://www.zebra.com/us/en.html"
      },
      {
        "title": "Zebra Industrial Printers Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=97716"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-008644"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201908-1355"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-522",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-255",
        "trust": 0.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-142559"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-008644"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-10960"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "https://www.us-cert.gov/ics/advisories/icsa-19-232-01"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10960"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10960"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.3183/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-142559"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-008644"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201908-1355"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-10960"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-142559"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-008644"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201908-1355"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-10960"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-08-20T00:00:00",
        "db": "VULHUB",
        "id": "VHN-142559"
      },
      {
        "date": "2019-09-04T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-008644"
      },
      {
        "date": "2019-08-20T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201908-1355"
      },
      {
        "date": "2019-08-20T21:15:12.137000",
        "db": "NVD",
        "id": "CVE-2019-10960"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-10-02T00:00:00",
        "db": "VULHUB",
        "id": "VHN-142559"
      },
      {
        "date": "2019-09-04T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-008644"
      },
      {
        "date": "2020-10-09T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201908-1355"
      },
      {
        "date": "2024-11-21T04:20:14.350000",
        "db": "NVD",
        "id": "CVE-2019-10960"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201908-1355"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Zebra Industrial Printer Vulnerabilities related to certificate and password management",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-008644"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "trust management problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201908-1355"
      }
    ],
    "trust": 0.6
  }
}

CVE-2023-4957 (GCVE-0-2023-4957)
Vulnerability from cvelistv5
Published
2023-10-11 13:21
Modified
2025-08-28 07:56
CWE
  • CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Summary
An authentication bypass vulnerability has been found on a Zebra Technologies ZTC ZT410-203dpi ZPL printer. It allows an attacker on the same network as the printer to change the username and password for the Web Page by sending a specially crafted POST request to the setvarsResults.cgi file. For this vulnerability to be exploitable, the printer's protected mode must be disabled. The record's solution text below notes that this mode is disabled by default until a password is generated, and that Zebra fixed the issue in Link-OS v7.3.
Impacted products
Vendor Product Version
Zebra Technologies ZTC ZT410 Version: 203dpi ZPL 18J150703184


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T07:44:53.296Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.incibe.es/en/incibe-cert/notices/aviso-sci/authentication-bypass-zebra-ztc"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-4957",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-05T18:02:24.582285Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-05T18:06:06.703Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "ZTC ZT410",
          "vendor": "Zebra Technologies",
          "versions": [
            {
              "status": "affected",
              "version": "203dpi ZPL 18J150703184"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "David C\u00e1mara Galindo"
        }
      ],
      "datePublic": "2023-10-11T10:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A vulnerability of authentication bypass has been found on a Zebra Technologies ZTC ZT410-203dpi ZPL printer. This vulnerability allows an attacker that is in the same network as the printer, to change the username and password for the Web Page by sending a specially crafted POST request to the setvarsResults.cgi file. For this vulnerability to be exploitable, the printers protected mode must be disabled."
            }
          ],
          "value": "A vulnerability of authentication bypass has been found on a Zebra Technologies ZTC ZT410-203dpi ZPL printer. This vulnerability allows an attacker that is in the same network as the printer, to change the username and password for the Web Page by sending a specially crafted POST request to the setvarsResults.cgi file. For this vulnerability to be exploitable, the printers protected mode must be disabled."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-288",
              "description": "CWE-288: Authentication Bypass Using an Alternate Path or Channel",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-28T07:56:23.568Z",
        "orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
        "shortName": "INCIBE"
      },
      "references": [
        {
          "url": "https://www.incibe.es/en/incibe-cert/notices/aviso-sci/authentication-bypass-zebra-ztc"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Zebra Printers running Link-OS v6.0 and later have a protected mode that protects the printer from this vulnerability. Activating this mode disables unauthorized changes and locks the current configuration until an administrator authorizes updates. By default, the secure mode is disabled as it is necessary to generate a password first. NOTE: the ZT410 industrial printer was discontinued on Oct 1st, 2020. The service and Support discontinuation dates are in September and December 2025 depending on region. Further information regarding security settings and best practices, including \u201cProtected Mode\u201d, can be found in the references. UPDATE:\u0026nbsp;The vulnerability has been fixed by Zebra. The updated firmware version is Link-OS v7.3 which was released March 2025. The currently released version is Link-OS v7.4 which includes the fix that was released in the previous version."
            }
          ],
          "value": "Zebra Printers running Link-OS v6.0 and later have a protected mode that protects the printer from this vulnerability. Activating this mode disables unauthorized changes and locks the current configuration until an administrator authorizes updates. By default, the secure mode is disabled as it is necessary to generate a password first. NOTE: the ZT410 industrial printer was discontinued on Oct 1st, 2020. The service and Support discontinuation dates are in September and December 2025 depending on region. Further information regarding security settings and best practices, including \u201cProtected Mode\u201d, can be found in the references. UPDATE:\u00a0The vulnerability has been fixed by Zebra. The updated firmware version is Link-OS v7.3 which was released March 2025. The currently released version is Link-OS v7.4 which includes the fix that was released in the previous version."
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Authentication Bypass on Zebra ZTC",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
    "assignerShortName": "INCIBE",
    "cveId": "CVE-2023-4957",
    "datePublished": "2023-10-11T13:21:32.613Z",
    "dateReserved": "2023-09-14T07:08:37.883Z",
    "dateUpdated": "2025-08-28T07:56:23.568Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-10960 (GCVE-0-2019-10960)
Vulnerability from cvelistv5
Published
2019-08-20 20:53
Modified
2024-08-04 22:40
Severity ?
CWE
  • CWE-522 - INSUFFICIENTLY PROTECTED CREDENTIALS
Summary
Zebra Industrial Printers, all versions: Zebra printers are shipped with unrestricted end-user access to front panel options. If the option to use a passcode to limit the functionality of the front panel is applied, specially crafted packets could be sent over the same network to a port on the printer, and the printer will respond with an array of information that includes the front panel passcode for the printer. Once the passcode is retrieved, an attacker must have physical access to the front panel of the printer to enter the passcode to access the full functionality of the front panel.
References
Impacted products
Vendor Product Version
n/a Zebra Industrial Printers All Versions Version: Zebra Industrial Printers All Versions


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T22:40:15.449Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.us-cert.gov/ics/advisories/icsa-19-232-01"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Zebra Industrial Printers All Versions",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Zebra Industrial Printers All Versions"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Zebra Industrial Printers All Versions, Zebra printers are shipped with unrestricted end-user access to front panel options. If the option to use a passcode to limit the functionality of the front panel is applied, specially crafted packets could be sent over the same network to a port on the printer and the printer will respond with an array of information that includes the front panel passcode for the printer. Once the passcode is retrieved, an attacker must have physical access to the front panel of the printer to enter the passcode to access the full functionality of the front panel."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-522",
              "description": "INSUFFICENTLY PROTECTED CREDENTIALS CWE-522",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-08-20T20:53:23",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.us-cert.gov/ics/advisories/icsa-19-232-01"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2019-10960",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Zebra Industrial Printers All Versions",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Zebra Industrial Printers All Versions"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Zebra Industrial Printers All Versions, Zebra printers are shipped with unrestricted end-user access to front panel options. If the option to use a passcode to limit the functionality of the front panel is applied, specially crafted packets could be sent over the same network to a port on the printer and the printer will respond with an array of information that includes the front panel passcode for the printer. Once the passcode is retrieved, an attacker must have physical access to the front panel of the printer to enter the passcode to access the full functionality of the front panel."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "INSUFFICENTLY PROTECTED CREDENTIALS CWE-522"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.us-cert.gov/ics/advisories/icsa-19-232-01",
              "refsource": "MISC",
              "url": "https://www.us-cert.gov/ics/advisories/icsa-19-232-01"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2019-10960",
    "datePublished": "2019-08-20T20:53:23",
    "dateReserved": "2019-04-08T00:00:00",
    "dateUpdated": "2024-08-04T22:40:15.449Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}