CVE-2026-23767
Awaiting Analysis Awaiting Analysis - Queue
ESC/POS Protocol Lacks Authentication, Enabling Command Injection

Publication date: 2026-03-05

Last updated on: 2026-03-09

Assigner: JPCERT/CC

Description
ESC/POS, a printer control language designed by Seiko Epson Corporation, lacks mechanisms for user authentication and command authorization, does not provide controls to restrict sources or destinations of network communication, and transmits commands without encryption or integrity protection.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-05
Last Modified
2026-03-09
Generated
2026-06-16
AI Q&A
2026-03-05
EPSS Evaluated
2026-06-15
NVD
CVE-2026-23767
EUVD
EUVD-2026-9594
Affected Vendors & Products
Showing 24 associated CPEs
Vendor Product Version / Range
epson sb-h50_firmware *
epson tm-h6000v_firmware *
epson tm-l100_firmware *
epson tm-m10_firmware *
epson tm-m30_firmware *
epson tm-m30ii_firmware *
epson tm-m30ii-h_firmware *
epson tm-m30ii-s_firmware *
epson tm-m30ii-sl_firmware *
epson tm-m30iii_firmware *
epson tm-m30iii-h_firmware *
epson tm-m55_firmware *
epson tm-p20ii_firmware *
epson tm-p80ii_firmware *
epson tm-p20_firmware *
epson tm-p60ii_firmware *
epson tm-p80_firmware *
epson tm-t20ii_firmware *
epson tm-t20iii_firmware *
epson tm-t88vi_firmware *
epson tm-t88vi-ihub_firmware *
epson tm-t88vii_firmware *
epson ub-r04_firmware *
epson ub-e04_firmware *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-306 The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-23767 is a vulnerability in ESC/POS, a printer control language developed by Seiko Epson Corporation for POS printers. ESC/POS lacks built-in security mechanisms such as user authentication and command authorization, meaning any device on the same network can send commands to the printer without restriction.

Additionally, ESC/POS commands are transmitted over the network without encryption or integrity protection, allowing attackers on the same network to intercept or tamper with the communication.

The vulnerability affects Epson receipt printers and drivers that use ESC/POS commands, especially those communicating over TCP port 9100, which is commonly used for direct printing.

Impact Analysis

This vulnerability can impact you by allowing any host on the same network to send arbitrary ESC/POS commands to your Epson POS printer without authentication or authorization.

Attackers could intercept unencrypted communication to disclose sensitive information or tamper with print jobs, potentially causing unauthorized printer operations or access to stored device information.

Such unauthorized control could disrupt business operations, lead to data leakage, or enable further attacks within the network.

Compliance Impact

I don't know

Detection Guidance

This vulnerability can be detected by checking if Epson POS printers or devices using ESC/POS commands are accessible over the network, especially on TCP port 9100, which is the standard port for ESC/POS communication.

You can scan your network for devices listening on TCP port 9100 to identify potentially vulnerable printers.

  • Use a network scanning tool or command such as: nmap -p 9100 <target_ip_range>
  • Check if any hosts on your network accept connections on port 9100 without authentication.

Since ESC/POS commands are transmitted unencrypted and without authentication, any device responding on this port may be vulnerable.

Mitigation Strategies

Immediate mitigation steps include restricting network access to the affected printers and securing the communication environment.

  • Place printers within a firewall-protected network to prevent unauthorized access.
  • Avoid exposing printers directly to the internet.
  • Use private IP addresses for printer operation to limit exposure.
  • Implement network segmentation and IP address restrictions to limit which hosts can communicate with the printers.
  • Use encrypted communication channels such as VPNs or tunneling mechanisms to protect data in transit.

Since ESC/POS lacks built-in authentication and encryption, securing the network environment and controlling access are critical to mitigating this vulnerability.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-23767. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart