Published: 2025/08/06  Last Updated: 2025/08/06

JVN#16547726
Multiple vulnerabilities in Sato label printers CL4/6NX Plus and CL4/6NX-J Plus series

Overview

Sato label printers CL4/6NX Plus and CL4/6NX-J Plus series provided by SATO Corporation contain multiple vulnerabilities.

Products Affected

  • CL4/6NX Plus, firmware versions prior to 1.15.5-r1
  • CL4/6NX-J Plus (Japan model), firmware versions prior to 1.15.5-r1

Description

Sato label printers CL4/6NX Plus and CL4/6NX-J Plus series provided by SATO Corporation contain multiple vulnerabilities listed below.

  • OS command injection (CWE-78)
    • CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N Base Score 6.9
    • CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L Base Score 7.3
    • CVE-2025-22469
  • Unrestricted upload of file with dangerous type (CWE-434)
    • CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Base Score 9.3
    • CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Base Score 9.8
    • CVE-2025-22470

Impact

  • A remote attacker may execute an arbitrary OS command on the system with the privileges of a certain non-administrative user (CVE-2025-22469)
  • A remote attacker may execute an arbitrary Lua script on the system with root privileges (CVE-2025-22470)

Solution

Update the firmware
Update the firmware to the latest version according to the information provided by the developer.

Apply workarounds
The developer provides workarounds for users who cannot apply the update.

Refer to the information provided by the developer for details.

Credit

MASAHIRO IIDA of LAC Co., Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under the Information Security Early Warning Partnership.

Other Information

CVE: CVE-2025-22469, CVE-2025-22470
JVN iPedia: JVNDB-2025-000056