SATO CL4/6NX Plus and CL4/6NX-J Plus Unrestricted File Upload Vulnerability Allowing Arbitrary Lua Script Execution with Root Privilege

Vulnerability

A vulnerability exists in SATO label printers CL4/6NX Plus and CL4/6NX-J Plus (Japan model) running firmware versions prior to 1.15.5-r1. This vulnerability allows the unrestricted upload of files with dangerous types, specifically Lua scripts, which can be executed on the system with root privileges.

Impact

Exploitation of this vulnerability allows for the execution of arbitrary Lua scripts on the affected printer with root privileges.

Remediation

Users are advised to update the printer firmware to the latest version. For those unable to update due to technical reasons, a temporary workaround involves enabling the printer's firewall and disabling the WebConfig function, which can be done through the printer's settings menu.

Added: Aug 6, 2025, 12:00 PM
Updated: Aug 6, 2025, 12:00 PM

Vulnerability Rating

Custom Algorithm

spread: 2.6
impact: 7.5
exploitability: 7.0
remediation: 8.3
relevance: 0.3
threat: 0.0
urgency: 2.9
incentive: 5.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.