CVE-2019-25401

HIGH

Bematech MP-4200 TH - Denial of Service via Malformed Admin Configuration Parameters

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-25401. PoCs published by Jonatas Fil.

AI-analyzed exploit summary: The exploit demonstrates a Denial of Service (DoS) and Cross-Site Scripting (XSS) vulnerability in Bematech Printer MP-4200 TH by sending malformed POST requests to the admin configuration page. The DoS is triggered by sending excessively long input values, while the XSS is achieved via script injection in the 'admin' and 'person' parameters.

Description

Bematech (formerly Logic Controls, now Elgin) MP-4200 TH printer contains a denial of service vulnerability in the admin configuration page. Remote attackers can send crafted POST requests with malformed 'admin' and 'person' parameters to crash the printer's web service, causing a denial of service condition.

Exploits (1)

exploitdb WORKING POC
by Jonatas Fil · text · dos · hardware
https://www.exploit-db.com/exploits/47648

Classification
Working PoC 95%
Attack Type: DoS | XSS
Complexity: Trivial
Reliability: Reliable
Target: Bematech Printer MP-4200 TH
No auth needed
Prerequisites: Network access to the target printer's web interface
devstral-2 · analyzed Feb 19, 2026

Scores

CVSS v3 7.5
EPSS 0.0042
EPSS Percentile 33.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

CWE
CWE-400
Status published
Products (1)
Bematech/MP-4200 MP-4200 TH
Published Feb 18, 2026
Tracked Since Feb 19, 2026