Unrated severity · NVD Advisory · Published Mar 31, 2023 · Updated Feb 18, 2025

CVE-2023-23594

Description

Authentication bypass in SATO CL4NX printer web interface allows remote unauthenticated attackers to upload files and change configuration.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

The web client interface of SATO CL4NX printers running firmware versions prior to 1.13.3-u724_r2 contains an authentication bypass vulnerability [1]. This allows unauthenticated remote attackers to access endpoints intended only for authenticated users, such as file upload and configuration change functions. The vulnerability exists in the web server component of the printer's management interface.

Exploitation

An attacker can exploit this vulnerability by sending crafted HTTP requests to the printer's web interface without any authentication. No prior access or credentials are required. The attacker can directly interact with the vulnerable endpoints to perform actions that should be restricted.

Impact

Successful exploitation enables an unauthenticated attacker to upload arbitrary files to the printer and modify its configuration settings. This could lead to unauthorized control of the printer, potential data exfiltration, or disruption of printing operations.

Mitigation

SATO has addressed this vulnerability in firmware version 1.13.3-u724_r2. Users should update their CL4NX printers to this version or later. No workarounds are mentioned in the available references. The product is still supported.

References
  1. CL4NX Plus

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2
  • CL4NX printer/CL4NX printer (description)
  • SATO/CL4NX (llm-create)
    Range: <1.13.3-u724_r2
