CVE-2018-0689
CVE-2018-0689 is a high-severity vulnerability in Epson Ds-570w Firmware with a CVSS 3.x base score of 8.8. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-113.
Key facts
- Severity: High (CVSS 3.x base score 8.8)
- CVSS v2: 6.8
- EPSS exploit prediction: 2% (74th percentile)
- Actively exploited: Not listed in CISA KEV
- Weakness: CWE-113
- Affected product: Epson Ds-570w Firmware
- Published:
- Last modified:
Description
HTTP header injection vulnerability in SEIKO EPSON printers and scanners (DS-570W firmware versions released prior to 2018 March 13, DS-780N firmware versions released prior to 2018 March 13, EP-10VA firmware versions released prior to 2017 September 4, EP-30VA firmware versions released prior to 2017 June 19, EP-707A firmware versions released prior to 2017 August 1, EP-708A firmware versions released prior to 2017 August 7, EP-709A firmware versions released prior to 2017 June 12, EP-777A firmware versions released prior to 2017 August 1, EP-807AB/AW/AR firmware versions released prior to 2017 August 1, EP-808AB/AW/AR firmware versions released prior to 2017 August 7, EP-879AB/AW/AR firmware versions released prior to 2017 June 12, EP-907F firmware versions released prior to 2017 August 1, EP-977A3 firmware versions released prior to 2017 August 1, EP-978A3 firmware versions released prior to 2017 August 7, EP-979A3 firmware versions released prior to 2017 June 12, EP-M570T firmware versions released prior to 2017 September 6, EW-M5071FT firmware versions released prior to 2017 November 2, EW-M660FT firmware versions released prior to 2018 April 19, EW-M770T firmware versions released prior to 2017 September 6, PF-70 firmware versions released prior to 2018 April 20, PF-71 firmware versions released prior to 2017 July 18, PF-81 firmware versions released prior to 2017 September 14, PX-048A firmware versions released prior to 2017 July 4, PX-049A firmware versions released prior to 2017 September 11, PX-437A firmware versions released prior to 2017 July 24, PX-M350F firmware versions released prior to 2018 February 23, PX-M5040F firmware versions released prior to 2017 November 20, PX-M5041F firmware versions released prior to 2017 November 20, PX-M650A firmware versions released prior to 2017 October 17, PX-M650F firmware versions released prior to 2017 October 17, PX-M680F firmware versions released prior to 2017 June 29, PX-M7050F firmware versions released prior to 2017 October 13, PX-M7050FP firmware versions released prior to 2017 October 13, PX-M7050FX firmware versions released prior to 2017 November 7, PX-M7070FX firmware versions released prior to 2017 April 27, PX-M740F firmware versions released prior to 2017 December 4, PX-M741F firmware versions released prior to 2017 December 4, PX-M780F firmware versions released prior to 2017 June 29, PX-M781F firmware versions released prior to 2017 June 27, PX-M840F firmware versions released prior to 2017 November 16, PX-M840FX firmware versions released prior to 2017 December 8, PX-M860F firmware versions released prior to 2017 October 25, PX-S05B/W firmware versions released prior to 2018 March 9, PX-S350 firmware versions released prior to 2018 February 23, PX-S5040 firmware versions released prior to 2017 November 20, PX-S7050 firmware versions released prior to 2018 February 21, PX-S7050PS firmware versions released prior to 2018 February 21, PX-S7050X firmware versions released prior to 2017 November 7, PX-S7070X firmware versions released prior to 2017 April 27, PX-S740 firmware versions released prior to 2017 December 3, PX-S840 firmware versions released prior to 2017 November 16, PX-S840X firmware versions released prior to 2017 December 8, PX-S860 firmware versions released prior to 2017 December 7) may allow a remote attackers to lead a user to a phishing site or execute an arbitrary script on the user's web browser.
Frequently asked questions
- What is CVE-2018-0689?
- HTTP header injection vulnerability in SEIKO EPSON printers and scanners (DS-570W firmware versions released prior to 2018 March 13, DS-780N firmware versions released prior to 2018 March 13, EP-10VA firmware versions released prior to 2017 September 4, EP-30VA firmware versions released prior to 2017 June 19, EP-707A firmware versions released prior to 2017 August 1, EP-708A firmware versions released prior to 2017 August 7, EP-709A firmware versions released prior to 2017 June 12, EP-777A firmware versions released prior to 2017 August 1, EP-807AB/AW/AR firmware versions released prior to 2017 August 1, EP-808AB/AW/AR firmware versions released prior to 2017 August 7, EP-879AB/AW/AR firmware versions released prior to 2017 June 12, EP-907F firmware versions released prior to 2017 August 1, EP-977A3 firmware versions released prior to 2017 August 1, EP-978A3 firmware versions released prior to 2017 August 7, EP-979A3 firmware versions released prior to 2017 June 12, EP-M570T firmware versions released prior to 2017 September 6, EW-M5071FT firmware versions released prior to 2017 November 2, EW-M660FT firmware versions released prior to 2018 April 19, EW-M770T firmware versions released prior to 2017 September 6, PF-70 firmware versions released prior to 2018 April 20, PF-71 firmware versions released prior to 2017 July 18, PF-81 firmware versions released prior to 2017 September 14, PX-048A firmware versions released prior to 2017 July 4, PX-049A firmware versions released prior to 2017 September 11, PX-437A firmware versions released prior to 2017 July 24, PX-M350F firmware versions released prior to 2018 February 23, PX-M5040F firmware versions released prior to 2017 November 20, PX-M5041F firmware versions released prior to 2017 November 20, PX-M650A firmware versions released prior to 2017 October 17, PX-M650F firmware versions released prior to 2017 October 17, PX-M680F firmware versions released prior to 2017 June 29, PX-M7050F firmware versions released prior to 2017 October 13, PX-M7050FP firmware versions released prior to 2017 October 13, PX-M7050FX firmware versions released prior to 2017 November 7, PX-M7070FX firmware versions released prior to 2017 April 27, PX-M740F firmware versions released prior to 2017 December 4, PX-M741F firmware versions released prior to 2017 December 4, PX-M780F firmware versions released prior to 2017 June 29, PX-M781F firmware versions released prior to 2017 June 27, PX-M840F firmware versions released prior to 2017 November 16, PX-M840FX firmware versions released prior to 2017 December 8, PX-M860F firmware versions released prior to 2017 October 25, PX-S05B/W firmware versions released prior to 2018 March 9, PX-S350 firmware versions released prior to 2018 February 23, PX-S5040 firmware versions released prior to 2017 November 20, PX-S7050 firmware versions released prior to 2018 February 21, PX-S7050PS firmware versions released prior to 2018 February 21, PX-S7050X firmware versions released prior to 2017 November 7, PX-S7070X firmware versions released prior to 2017 April 27, PX-S740 firmware versions released prior to 2017 December 3, PX-S840 firmware versions released prior to 2017 November 16, PX-S840X firmware versions released prior to 2017 December 8, PX-S860 firmware versions released prior to 2017 December 7) may allow a remote attackers to lead a user to a phishing site or execute an arbitrary script on the user's web browser.
- How severe is CVE-2018-0689?
- CVE-2018-0689 has a CVSS 3.x base score of 8.8, rated high severity. It is exploitable over network with low attack complexity, requires no privileges and user interaction. Impact on confidentiality is high, integrity high, and availability high.
- Is CVE-2018-0689 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 2% (74th percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2018-0689?
- CVE-2018-0689 primarily affects Epson Ds-570w Firmware. In total, 58 product configurations (CPEs) are listed as vulnerable; see the affected-products list for the exact versions.
- How do I fix CVE-2018-0689?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround. Given its high severity, prioritise patching exposed systems.
- When was CVE-2018-0689 published?
- CVE-2018-0689 was published on 2019-01-09 and last updated on 2026-06-17.
References
Affected products (58)
- cpe:2.3:o:epson:ds-570w_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:epson:ds-780n_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:epson:ep-10va_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:epson:ep-30va_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:epson:ep-707a_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:epson:ep-708a_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:epson:ep-709a_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:epson:ep-777a_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:epson:ep-807ab_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:epson:ep-807aw_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:epson:ep-807ar_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:epson:ep-808ab_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:epson:ep-808aw_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:epson:ep-808ar_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:epson:ep-879ab_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:epson:ep-879aw_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:epson:ep-879ar_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:epson:ep-907f_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:epson:ep-977a3_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:epson:ep-978a3_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:epson:ep-979a3_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:epson:ep-m570t_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:epson:ew-m5071ft_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:epson:ew-m660ft_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:epson:ew-m770t_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:epson:pf-70_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:epson:pf-71_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:epson:pf-81_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:epson:px-048a_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:epson:px-049a_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:epson:px-437a_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:epson:px-m350f_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:epson:px-m5040f_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:epson:px-m5041f_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:epson:px-m650a_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:epson:px-m650f_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:epson:px-m680f_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:epson:px-m7050f_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:epson:px-m7050fp_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:epson:px-m7050fx_firmware:*:*:*:*:*:*:*:*
More vulnerabilities in Epson Ds-570w Firmware
- CVE-2018-0688 — Medium (CVSS 6.1): Open redirect vulnerability in SEIKO EPSON printers and scanners (DS-570W firmware versions released prior to 2018…
All CVEs affecting Epson Ds-570w Firmware →
Other CWE-113 (HTTP Response Splitting) vulnerabilities
- CVE-2026-38967 — Critical (CVSS 9.8): CrowCpp Crow through v1.3.1 HTTP is vulnerable to response header injection via unvalidated response header values.
- CVE-2026-34520 — Critical (CVSS 9.1): AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, the C parser…
- CVE-2025-53007 — High (CVSS 8.9): arduino-esp32 provides an Arduino core for the ESP32. Versions prior to 3.3.0-RC1 and 3.2.1 contain a HTTP Response…
- CVE-2024-52875 — High (CVSS 8.8): An issue was discovered in GFI Kerio Control 9.2.5 through 9.4.5. The dest GET parameter passed to the…
- CVE-2018-11347 — High (CVSS 8.8): The YunoHost 2.7.2 through 2.7.14 web application is affected by one HTTP Response Header Injection. This flaw allows…
- CVE-2025-61689 — High (CVSS 8.7): HTTP.jl is an HTTP client and server functionality for the Julia programming language. Prior to version 1.10.19,…
Browse all CWE-113 (HTTP Response Splitting) vulnerabilities →