Thank you for using Epson products.
Epson has identified a command execution vulnerability affecting certain POS printers connected to networks.
Affected Models
All TM products that:
- Implement an ESC/POS command, and
- Include a network interface, including UIB.
Vulnerability Details
A remote attacker on the same network can connect to the printer’s network interface and send raw, unauthenticated ESC/POS commands.
This allows execution of arbitrary commands, such as opening the cash drawer, without any authentication.
Impact of vulnerability
No known attacks have been reported exploiting this vulnerability as of now.
Recommended Countermeasure
For Epson Appointed System Integrators (SI)
- Add authorization for the commands
- Add an optional security mode that restricts the IP addresses allowed to access the printer
For End-User
- Do not connect the printer directly to the Internet
- Place the printer within a firewall-protected network or behind a secure wireless router
- Restrict access using the IP filtering feature available on the POS printer
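One way to check that the network placement and IP filtering countermeasures above are holding, as an added example that is not Epson code: it audits connection records against a per-printer source allowlist. The addresses, the site network, and the three-field log format are constructed assumptions.

```python
import ipaddress

# All addresses and the log format below are constructed for illustration.
SITE_NET = ipaddress.ip_network("10.20.0.0/24")      # assumed store LAN
ALLOWLIST = {                                         # printer -> permitted sources
    "10.20.0.50": ["10.20.0.11", "10.20.0.12"],
    "10.20.0.51": ["10.20.0.0/28"],
}
SAMPLE_FLOWS = """\
2024-05-01T09:00:01 10.20.0.11 10.20.0.50
2024-05-01T09:00:07 10.20.0.77 10.20.0.50
2024-05-01T09:01:12 10.20.0.5 10.20.0.51
2024-05-01T09:02:30 203.0.113.9 10.20.0.51
2024-05-01T09:03:00 10.20.0.11 10.20.0.99
malformed line
"""


def compile_policy(allowlist):
    """Turn the string allowlist into address/network objects."""
    return {
        ipaddress.ip_address(printer): [ipaddress.ip_network(s) for s in sources]
        for printer, sources in allowlist.items()
    }


def audit_flows(text, allowlist, site_net):
    """Return (line_no, finding, src, dst) for flows that violate the policy."""
    policy = compile_policy(allowlist)
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        try:
            _ts, src, dst = line.split()
            src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        except ValueError:
            findings.append((line_no, "unparsed", None, None))
            continue
        if dst_ip not in policy:
            continue                      # destination is not a tracked printer
        if src_ip not in site_net:
            findings.append((line_no, "outside-site", src, dst))
        elif not any(src_ip in net for net in policy[dst_ip]):
            findings.append((line_no, "unlisted-internal", src, dst))
    return findings


if __name__ == "__main__":
    for finding in audit_flows(SAMPLE_FLOWS, ALLOWLIST, SITE_NET):
        print(finding)
```

An "outside-site" finding means the printer is reachable from beyond the protected network; an "unlisted-internal" finding means the printer's IP filter is missing or broader than the intended allowlist.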