Published: 2025/08/06 Last Updated: 2025/08/06
JVN#16547726
Multiple vulnerabilities in Sato label printers CL4/6NX Plus and CL4/6NX-J Plus series
Overview
Sato label printers CL4/6NX Plus and CL4/6NX-J Plus series provided by SATO Corporation contain multiple vulnerabilities.
Products Affected
- CL4/6NX Plus, firmware versions prior to 1.15.5-r1
- CL4/6NX-J Plus (Japan model), firmware versions prior to 1.15.5-r1
Description
Sato label printers CL4/6NX Plus and CL4/6NX-J Plus series provided by SATO Corporation contain multiple vulnerabilities listed below.
- OS command injection (CWE-78)
  - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N Base Score 6.9
  - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L Base Score 7.3
  - CVE-2025-22469
- Unrestricted upload of file with dangerous type (CWE-434)
  - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Base Score 9.3
  - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Base Score 9.8
  - CVE-2025-22470
Impact
- A remote attacker may execute an arbitrary OS command on the system with a certain non-administrative user privilege (CVE-2025-22469)
- A remote attacker may execute an arbitrary Lua script on the system with root privilege (CVE-2025-22470)
Solution
Update the firmware
Update the firmware to the latest version according to the information provided by the developer.
Apply workarounds
The developer provides workarounds for users who cannot apply the update.
Refer to the information provided by the developer for details.
Vendor Status
Vendor | Link |
SATO Corporation | Technical advisory: Security vulnerability discovered in CL4/6NX Plus printers |
Credit
MASAHIRO IIDA of LAC Co., Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
Other Information
CVE | CVE-2025-22469, CVE-2025-22470 |
JVN iPedia | JVNDB-2025-000056 |