CVE-2026-23767
CRITICALESC/POS - Auth Bypass
Title source: llmDescription
ESC/POS, a printer control language designed by Seiko Epson Corporation, lacks mechanisms for user authentication and command authorization, does not provide controls to restrict sources or destinations of network communication, and transmits commands without encryption or integrity protection.
Scores
CVSS v3
9.8
EPSS
0.0003
EPSS Percentile
9.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Classification
CWE
CWE-306
Status
published
Affected Products (24)
epson/sb-h50_firmware
epson/tm-h6000v_firmware
epson/tm-l100_firmware
epson/tm-m10_firmware
epson/tm-m30_firmware
epson/tm-m30ii_firmware
epson/tm-m30ii-h_firmware
epson/tm-m30ii-s_firmware
epson/tm-m30ii-sl_firmware
epson/tm-m30iii_firmware
epson/tm-m30iii-h_firmware
epson/tm-m55_firmware
epson/tm-p20ii_firmware
epson/tm-p80ii_firmware
epson/tm-p20_firmware
... and 9 more
Timeline
Published
Mar 05, 2026
Tracked Since
Mar 05, 2026