CVE-2023-4957

MEDIUM

Zebra ZT410 Firmware - Authentication Bypass via setvarsResults.cgi POST Request

Title source: llm

Description

A vulnerability of authentication bypass has been found on a Zebra Technologies ZTC ZT410-203dpi ZPL printer. This vulnerability allows an attacker that is in the same network as the printer, to change the username and password for the Web Page by sending a specially crafted POST request to the setvarsResults.cgi file. For this vulnerability to be exploitable, the printers protected mode must be disabled.

References (1)

Core 1

Core References

Third Party Advisory

https://www.incibe.es/en/incibe-cert/notices/aviso-sci/authentication-bypass-zebra-ztc

Scores

CVSS v3 5.4

EPSS 0.0027

EPSS Percentile 18.2%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-288

Status published

Products (1)

zebra/zt410_firmware

Published Oct 11, 2023

Tracked Since Feb 18, 2026