SATO CL4/6NX Plus and CL4/6NX-J Plus OS Command Injection Vulnerability

Vulnerability

An OS command injection vulnerability has been identified in SATO label printers CL4/6NX Plus and CL4/6NX-J Plus (Japan model) running firmware versions prior to 1.15.5-r1. This vulnerability allows for the execution of arbitrary OS commands on the system with certain non-administrative user privileges.

Impact

Exploitation of this vulnerability allows for the execution of arbitrary OS commands on the affected system, with certain non-administrative user privileges.

Remediation

Users are advised to update the printer firmware to the latest version. For those unable to apply the update, SATO recommends enabling the printer's firewall and disabling the WebConfig function as a temporary workaround.
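An added example (not SATO's code and not part of the original advisory) that triages a printer inventory against the fixed firmware version and the workaround described above. It assumes that "CL4/6NX Plus" and "CL4/6NX-J Plus" expand to the four model names listed in the code and that firmware strings follow the MAJOR.MINOR.PATCH-rN shape of 1.15.5-r1; the inventory rows are constructed.

```python
import re

FIXED = "1.15.5-r1"  # fixed firmware version named in the advisory
# Assumption: the advisory's shorthand expands to these four model names.
AFFECTED_MODELS = {"CL4NX PLUS", "CL6NX PLUS", "CL4NX-J PLUS", "CL6NX-J PLUS"}
# Assumption: firmware strings look like MAJOR.MINOR.PATCH with an optional -rN.
VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-r(\d+))?$")

def parse_version(text):
    """Return (major, minor, patch, revision) as ints, or None if unparseable."""
    m = VERSION_RE.match(text.strip())
    if not m:
        return None
    # A missing -rN counts as revision 0, so "1.15.5" sorts below "1.15.5-r1".
    return tuple(int(g or 0) for g in m.groups())

def triage(model, firmware, webconfig_enabled, firewall_enabled):
    """Classify one printer: not-affected, patched, mitigated, vulnerable, unknown."""
    if " ".join(model.upper().split()) not in AFFECTED_MODELS:
        return "not-affected"
    version = parse_version(firmware)
    if version is None:
        return "unknown"  # check by hand; never assume an unreadable version is safe
    # Compare numerically: as plain strings, "1.9.2" would sort above "1.15.5".
    if version >= parse_version(FIXED):
        return "patched"
    # Temporary workaround from the advisory: firewall on AND WebConfig off.
    if firewall_enabled and not webconfig_enabled:
        return "mitigated"
    return "vulnerable"

# Constructed rows: (host, model, firmware, webconfig_enabled, firewall_enabled)
INVENTORY = [
    ("lbl-01", "CL4NX Plus", "1.15.5-r1", True, False),
    ("lbl-02", "CL6NX-J Plus", "1.9.2-r3", True, False),
    ("lbl-03", "CL4NX Plus", "1.14.0-r2", False, True),
    ("lbl-04", "CL6NX Plus", "n/a", False, True),
]

def report(rows):
    """Map each host to its triage status."""
    return {host: triage(model, fw, web, fwall) for host, model, fw, web, fwall in rows}

if __name__ == "__main__":
    for host, status in report(INVENTORY).items():
        print(f"{host:8} {status}")
```

Printers reported as "mitigated" still run firmware older than the fixed version and remain on the update list.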

Added: Aug 6, 2025, 12:02 PM
Updated: Aug 6, 2025, 12:02 PM

Vulnerability Rating

Custom Algorithm

spread: 2.6
impact: 1.3
exploitability: 4.9
remediation: 8.3
relevance: 0.3
threat: 0.0
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.