CVE-2023-23594

9.8 CRITICAL

📋 TL;DR

An authentication bypass vulnerability in CL4NX printer web interfaces allows remote attackers to execute privileged commands without valid credentials. This affects CL4NX printers with firmware versions before 1.13.3-u724_r2, potentially enabling unauthorized file uploads and configuration changes.

💻 Affected Systems

Products:
  • SATO CL4NX industrial thermal printers
Versions: All firmware versions before 1.13.3-u724_r2
Operating Systems: Printer firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the web client interface of CL4NX printers; physical access not required.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of printer functionality, malicious firmware upload, disruption of printing operations, and potential lateral movement to connected systems.

🟠 Likely Case

Unauthorized configuration changes, file system access, and disruption of printing services.

🟢 If Mitigated

Limited impact if printers are isolated on internal networks with strict access controls.

🌐 Internet-Facing: HIGH - Direct remote exploitation possible without authentication.
🏢 Internal Only: HIGH - Even internally, unauthenticated attackers can exploit this vulnerability.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires network access to printer web interface; no authentication needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.13.3-u724_r2

Vendor Advisory: https://www.satoamerica.com/products/printers/industrial-thermal-printers/cl4nx-plus

Restart Required: Yes

Instructions:

  1. Download firmware version 1.13.3-u724_r2 from SATO website.
  2. Access printer web interface.
  3. Navigate to firmware update section.
  4. Upload and apply new firmware.
  5. Reboot printer.

🔧 Temporary Workarounds

Network Isolation

Isolate printers on separate VLAN with strict firewall rules.

Access Control Lists

Implement IP-based access restrictions to printer web interface.

🧯 If You Can't Patch

  • Disable web interface if not required for operations
  • Implement strict network segmentation and firewall rules to limit access to printer management interfaces

🔍 How to Verify

Check if Vulnerable:

Check firmware version via web interface or serial console; versions below 1.13.3-u724_r2 are vulnerable.

Check Version:

Access printer web interface and navigate to System Information or use serial console commands.

Verify Fix Applied:

Confirm firmware version shows 1.13.3-u724_r2 or higher in printer settings.
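
Added example (not from the vendor or the original page): a Python check that triages an asset inventory against the fixed version 1.13.3-u724_r2. The version layout (major.minor.patch-u<build>_r<revision>, compared numerically left to right), the exact-match model name, the CSV columns and the sample hosts are assumptions made for illustration.

```python
import csv
import io
import re

FIXED = "1.13.3-u724_r2"  # fixed firmware version stated in the advisory
# Assumed layout: major.minor.patch-u<build>_r<revision>, compared left to right.
PATTERN = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-u(\d+))?(?:_r(\d+))?$")


def parse_firmware(version):
    """Return a comparable tuple, or None if the string does not match."""
    m = PATTERN.match(version.strip())
    if not m:
        return None
    # A missing build or revision counts as 0, which errs toward "vulnerable".
    return tuple(int(g) if g is not None else 0 for g in m.groups())


def classify(model, version):
    """Return 'not-affected', 'vulnerable', 'fixed' or 'review'."""
    if model.strip().upper() != "CL4NX":
        return "not-affected"
    parsed = parse_firmware(version)
    if parsed is None:
        return "review"  # unknown format: check the device by hand
    return "vulnerable" if parsed < parse_firmware(FIXED) else "fixed"


def triage(inventory_csv):
    """Map each host in a host,model,firmware CSV to its classification."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return {r["host"]: classify(r["model"], r["firmware"]) for r in rows}


# Constructed sample inventory (hosts and versions are made up for the example).
SAMPLE = """host,model,firmware
prn-dock-01,CL4NX,1.13.3-u724_r2
prn-dock-02,CL4NX,1.12.0-u500_r1
prn-dock-03,CL4NX,1.13.3-u700_r9
prn-lab-01,CL4NX,unknown
prn-office-01,OtherModel,0.9.0
"""

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {status}")
```

Devices classified as "review" report a version string the assumed pattern does not cover and need a manual check in the web interface or serial console.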

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized access attempts to web interface
  • Unexpected configuration changes
  • File upload events without authentication

Network Indicators:

  • HTTP requests to printer management interface from unauthorized IPs
  • Unusual traffic patterns to printer ports

SIEM Query:

source_ip=* dest_ip=printer_management_interface AND (http_method=POST OR http_uri CONTAINS "/upload" OR http_uri CONTAINS "/config") AND auth_status="failed"
