Vulnerability Reference: ???
Release Date: ?
Description: It was discovered that the Treck TCP/IP software libraries used in a number of Epson products contain a number of low-level software vulnerabilities named “RIPPLE20”. When exploited, these vulnerabilities could lead to device takeover and allow an attacker to pivot from affected devices to other critical infrastructure.
Vulnerability Reference:
Vulnerability ID | Summary |
The Treck TCP/IP stack before 6.0.1.66 has an ARP Out-of-bounds Read. | |
The Treck TCP/IP stack before 6.0.1.66 has an IPv6 Out-of-bounds Read. | |
The Treck TCP/IP stack before 6.0.1.66 has a TCP Out-of-bounds Read. | |
The Treck TCP/IP stack before 6.0.1.66 has Improper ICMPv4 Access Control. | |
The Treck TCP/IP stack before 6.0.1.66 has an ICMPv4 Out-of-bounds Read. | |
The Treck TCP/IP stack before 6.0.1.66 has an IPv4 Integer Underflow. | |
The Treck TCP/IP stack before 4.7.1.27 mishandles '\0' termination in DHCP. | |
The Treck TCP/IP stack before 6.0.1.66 improperly handles a Length Parameter Inconsistency in TCP. | |
The Treck TCP/IP stack before 6.0.1.66 has an Ethernet Link Layer Integer Underflow. | |
The Treck TCP/IP stack before 6.0.1.66 has a DHCPv6 Out-of-bounds Read. | |
The Treck TCP/IP stack before 6.0.1.66 has an Integer Overflow during Memory Allocation that causes an Out-of-Bounds Write. | |
The Treck TCP/IP stack before 6.0.1.28 has a DHCP Out-of-bounds Read. | |
The Treck TCP/IP stack before 6.0.1.66 has an IPv6OverIPv4 tunneling Out-of-bounds Read. | |
The Treck TCP/IP stack before 6.0.1.66 allows Remote Code execution via a single invalid DNS response. | |
The Treck TCP/IP stack before 6.0.1.41 has an IPv4 tunneling Double Free. | |
The Treck TCP/IP stack before 6.0.1.66 has an IPv6 Out-of-bounds Read. | |
The Treck TCP/IP stack before 6.0.1.66 improperly handles an IPv4/ICMPv4 Length Parameter Inconsistency, which might allow remote attackers to trigger an information leak. | |
The Treck TCP/IP stack before 5.0.1.35 has an Out-of-Bounds Write via multiple malformed IPv6 packets. | |
The Treck TCP/IP stack before 6.0.1.66 allows Remote Code Execution, related to IPv4 tunneling. |
Impact: When exploited, these vulnerabilities could lead to device takeover and allow an attacker to pivot from affected devices to other critical infrastructure.
Solution: To ensure the security of your Epson product, please download and install the EPSON Firmware Update for your product below. In the meantime, and as a general rule to help secure all devices, end-users and their administrators should always implement and maintain industry-standard security controls and practices in setting up and managing their networks. Those practices include immediately replacing default passwords with strong passwords and connecting products behind a firewall.
