Epson WorkForce Multi-Function Printer Firmware Vulnerability


Figure 1: Mainboard of the Epson WF-2540 MFP that was used to investigate the firmware.


Epson WorkForce multi-function printers do not use signed firmware images and allow unauthorized, malicious firmware updates.

Epson multi-function printers support firmware updates via USB and HTTP. When using HTTP, the update is initialized with a GET request and the firmware is uploaded via a POST request. No authorization is required. An attacker can exploit this unauthorized mechanism using Cross-Site Request Forgery (CSRF). Because the firmware itself is neither encrypted nor digitally signed, an attacker can create malicious firmware images including backdoors and other malware.
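
Detection logic for the GET-then-POST update sequence described above, added here as an example and not taken from the advisory: it flags a firmware-sized POST to a printer that follows a GET from the same client when both were triggered by a page on another host. The log format, printer inventory, thresholds and placeholder paths are assumptions; it presumes a proxy or sensor that sees client-to-printer HTTP requests.

```python
from urllib.parse import urlsplit

PRINTERS = {"192.168.1.50"}  # assumed inventory of printer addresses
WINDOW = 30                  # assumed max seconds between init GET and upload POST
MIN_BODY = 1_000_000         # assumed lower bound for a firmware-sized body

# Constructed log lines: time client method url origin-or-referer body-bytes.
# Paths are placeholders, not the printer's real update endpoints.
SAMPLE_LOG = """\
100 10.0.0.40 GET http://192.168.1.50/INIT-PLACEHOLDER http://192.168.1.50/ 0
104 10.0.0.40 POST http://192.168.1.50/UPLOAD-PLACEHOLDER http://192.168.1.50/ 8388608
300 10.0.0.77 GET http://192.168.1.50/INIT-PLACEHOLDER http://news.example/ 0
302 10.0.0.77 POST http://192.168.1.50/UPLOAD-PLACEHOLDER http://news.example/ 8388608
500 10.0.0.12 POST http://192.168.1.50/OTHER-PLACEHOLDER http://wiki.example/ 240
600 10.0.0.12 GET http://203.0.113.9/index - 0
"""

def parse(line):
    """Split one log line into typed fields; '-' means no Origin/Referer."""
    ts, client, method, url, source, size = line.split()
    src_host = None if source == "-" else urlsplit(source).hostname
    return int(ts), client, method, urlsplit(url).hostname, src_host, int(size)

def find_cross_site_updates(log):
    """Return (time, client, printer, foreign_site) for each suspicious upload."""
    last_get = {}  # (client, printer) -> time of last cross-site GET
    alerts = []
    for line in filter(str.strip, log.splitlines()):
        ts, client, method, host, src, size = parse(line)
        # Only requests to a printer that were triggered by a page on another host.
        if host not in PRINTERS or src is None or src == host:
            continue
        key = (client, host)
        if method == "GET":
            last_get[key] = ts
        elif method == "POST" and size >= MIN_BODY:
            # Large cross-site POST shortly after a cross-site GET: update sequence.
            if key in last_get and ts - last_get[key] <= WINDOW:
                alerts.append((ts, client, host, src))
    return alerts

if __name__ == "__main__":
    for alert in find_cross_site_updates(SAMPLE_LOG):
        print("cross-site firmware upload:", alert)
```

Same-origin updates made through the printer's own web interface and small cross-site POSTs are deliberately not flagged. Detection of this kind does not replace the missing authorization and firmware signature checks on the device.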


Table 1: Resources related to the article.
Source                     Description
Security Advisory (PDF)    -