Technical Advisory: Security Vulnerability Discovered in CL4/6NX Plus Printers
Summary
Some SATO label printers were found to have vulnerabilities regarding incorrect/improper authorization (CWE-863, CWE-287) and path traversal (CWE-22) that may lead to unauthorized setting changes and file tampering, potentially impacting how printers operate.
There are no known cases of these vulnerabilities being exploited, and printer users are not at risk of data tampering or information exposure as long as users take measures to protect their systems from unauthorized access.
However, we advise users to apply the following solution to their printers for improved security.
Affected printers
- CL4/6NX Plus
- CL4/6NX-J Plus (Japan model)
Solution
We are releasing a new printer firmware update to patch the vulnerabilities. For information on updating the firmware, please contact your nearest SATO representative or the distributor where you purchased the printer. Please contact us to arrange for an appointment.
Workaround
If the firmware update cannot be installed due to technical reasons, users can work around the vulnerabilities by enabling the printer’s firewall and disabling the WebConfig function. Please note that the workaround is temporary, and you should ideally remediate the vulnerabilities through the security patch once your situation allows it.
Follow the steps below to apply the workaround. For more information, refer to the “Various Settings of the Product” section in our online user manual.
- Enable firewall:
Go to the printer’s Settings menu and click Interface > Network > Advanced > Firewall > Enable.
- Disable WebConfig (function for viewing or changing printer settings via web browser):
Go to the printer’s Settings menu and click Interface > Network > Advanced > Firewall > Allow Services and Ports > WebConfig > Disable.
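To confirm the workaround took effect on printers you administer, the following added example (not part of SATO's advisory or tooling) probes each printer's web ports and lists the printers where WebConfig still answers. The ports 80 and 443 are an assumption, since the advisory does not state which ports WebConfig uses; the function names are illustrative.

```python
import socket
import sys

# Assumption: WebConfig is served over HTTP/HTTPS on these ports. The advisory
# does not name the ports, so adjust this to match your printers.
ASSUMED_WEBCONFIG_PORTS = (80, 443)


def probe(host, port, timeout=2.0):
    """Classify one TCP port as 'open', 'refused' or 'filtered'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"          # something accepted the connection
    except ConnectionRefusedError:
        return "refused"           # host answered, nothing is listening
    except OSError:
        return "filtered"          # timeout or unreachable: packets dropped


def audit(printers, ports=ASSUMED_WEBCONFIG_PORTS, timeout=2.0):
    """Return {host: {port: state}} for every printer in the inventory."""
    return {h: {p: probe(h, p, timeout) for p in ports} for h in printers}


def needs_attention(report):
    """Hosts where at least one web port still accepts connections."""
    return sorted(h for h, states in report.items()
                  if "open" in states.values())


if __name__ == "__main__":
    # Usage: python check_webconfig.py <printer-ip> [<printer-ip> ...]
    report = audit(sys.argv[1:])
    for host, states in report.items():
        summary = ", ".join(f"{p}/tcp {s}" for p, s in states.items())
        print(f"{host}: {summary}")
    pending = needs_attention(report)
    if pending:
        print("WebConfig still reachable on:", ", ".join(pending))
        sys.exit(1)
    print("No web port reachable on the listed printers.")
```

Run it from a network segment that could reach WebConfig before the change; both "refused" and "filtered" mean the web interface no longer accepts connections from that segment.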
For questions and inquiries, please fill out our contact form here.