VYPR
Unrated severity · NVD Advisory · Published Oct 1, 2023 · Updated Aug 2, 2024

SATO CL4NX-J Plus Cookie improper authentication

CVE-2023-5328

Description

Critical improper authentication in SATO CL4NX-J Plus printer's cookie handler allows unauthorized access via crafted cookie.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

The vulnerability is in the Cookie Handler component of SATO CL4NX-J Plus firmware version 1.13.2-u455_r2. By manipulating the cookie with input auth=user,level1,settings; web=true, an attacker can bypass authentication. The issue is classified as critical and has been publicly disclosed [1].

Exploitation

An attacker with access to the local network can craft a malicious cookie containing auth=user,level1,settings; web=true and send it to the device. This results in improper authentication, granting elevated access without valid credentials. The exploitation steps are detailed in the public disclosure [1].

Impact

Successful exploitation allows the attacker to gain unauthorized administrative access to the printer. This could lead to full compromise of the device, including configuration changes, data exfiltration, and potential use as a pivot point within the network.

Mitigation

As of the publication date, no official patch has been released. Users should restrict network access to the device to trusted hosts only, monitor for suspicious cookie-based requests, and contact SATO support for firmware updates. The vulnerability is listed with identifier VDB-241029.
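
One way to do the monitoring suggested above, as an added example that is not part of the advisory or any SATO tooling: a small scanner that flags logged requests whose Cookie header carries the auth/web pair quoted in this CVE. The log layout, request paths, IP addresses and the trusted-host list are constructed assumptions; adapt the line pattern to whatever your proxy or packet capture actually records.

```python
import re

# Cookie pair quoted in the advisory text for CVE-2023-5328.
FLAGGED_AUTH = ("user", "level1", "settings")

def parse_cookie_header(header):
    """Split a Cookie header into a {name: value} dict (names lowercased)."""
    cookies = {}
    for part in header.split(";"):
        name, sep, value = part.strip().partition("=")
        if sep:
            cookies[name.strip().lower()] = value.strip().strip('"')
    return cookies

def is_suspicious(header):
    """True when the header carries the auth/web pair named in the advisory.
    Matching ignores case, spacing and cookie order so reformatted copies
    of the same pair are still flagged."""
    cookies = parse_cookie_header(header)
    auth = tuple(t.strip().lower() for t in cookies.get("auth", "").split(","))
    return auth == FLAGGED_AUTH and cookies.get("web", "").lower() == "true"

# Assumed (hypothetical) log layout:
#   <src_ip> "<request line>" cookie="<Cookie header>"
LINE_RE = re.compile(r'^(?P<src>\S+) "(?P<req>[^"]*)" cookie="(?P<cookie>.*)"$')

def scan(lines, trusted=()):
    """Return (src, request) for flagged requests from hosts not in `trusted`."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m and is_suspicious(m["cookie"]) and m["src"] not in trusted:
            hits.append((m["src"], m["req"]))
    return hits

# Constructed sample lines (documentation-range addresses, made-up paths).
SAMPLE_LOG = [
    '192.0.2.10 "GET /index.html HTTP/1.1" cookie=""',
    '192.0.2.44 "GET /settings HTTP/1.1" cookie="auth=user,level1,settings; web=true"',
    '192.0.2.45 "POST /settings HTTP/1.1" cookie="web=TRUE;  Auth=user, level1 ,settings"',
    '192.0.2.10 "GET /status HTTP/1.1" cookie="lang=en; web=true"',
    '192.0.2.5 "GET /settings HTTP/1.1" cookie="auth=user,level1,settings; web=true"',
]

if __name__ == "__main__":
    for src, req in scan(SAMPLE_LOG, trusted=("192.0.2.5",)):
        print(f"ALERT {src} sent flagged cookie pair: {req}")
```

The page does not say whether legitimate sessions carry the same cookie values, so treat hits as leads to triage against the list of hosts allowed to manage the printer rather than as confirmed compromise.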

AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2
  • SATO/CL4NX-J Plus (llm-fuzzy) · 2 versions
    = 1.13.2-u455_r2 + 1 more
    • (no CPE) range: = 1.13.2-u455_r2
    • (no CPE) range: 1.13.2-u455_r2

Patches

0

No patches discovered yet.

Vulnerability mechanics

No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.

References

3
