CVE-2018-17168
Description
PrinterOn Enterprise 4.1.4 contains multiple Cross Site Request Forgery (CSRF) vulnerabilities in the Administration page. For example, an administrator, by following a link, can be tricked into making unwanted changes to a printer (Disable, Approve, etc).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
PrinterOn Enterprise 4.1.4 administration pages are vulnerable to CSRF, allowing an attacker to trick an admin into modifying printer settings.
Vulnerability
PrinterOn Enterprise 4.1.4 contains multiple Cross-Site Request Forgery (CSRF) vulnerabilities in the Administration page [1]. An authenticated administrator who follows a crafted link can be tricked into making unwanted changes to a printer, such as disabling or approving it.
Exploitation
An attacker can create a malicious link that performs actions on the Administration page. If an authenticated administrator clicks the link while logged into PrinterOn, the browser sends a forged request, e.g., to disable a printer [1]. No additional authentication or user interaction beyond clicking the link is required.
Impact
Successful exploitation allows an attacker to perform administrative actions on printers, such as disabling or approving them, without the administrator's consent [1]. This leads to unauthorized modification of printer settings, potentially causing disruption.
Mitigation
As of the available references, no patch or fix has been released [1]. Administrators should avoid clicking untrusted links while logged into PrinterOn, and consider implementing CSRF protections such as anti-CSRF tokens.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1- Range: = 4.1.4
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- github.com/DrunkenShells/Disclosures/tree/master/CVE-2018-17168-CSRF-PrinterONmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.