JVNTA#97995322
Security issues in ESC/POS

Overview

ESC/POS is a printer control language designed by Seiko Epson Corporation for controlling POS printers and related devices. ESC/POS is originally desgned for use in closed network environments. Therefore, implementing ESC/POS products requires consideration of various security issues.

Products Affected

All products implementing ESC/POS need to consider the security issues described in this advisory.

For printer products provided by Seiko Epson Corporation, please refer to the information published by the developer below.
Vulnerability in ESC/POS Commands in POS Printers (Text in Japanese)

Description

ESC/POS is a printer control language designed by Seiko Epson Corporation for controlling POS printers and related devices. The following security issues have been identified with ESC/POS.
Products implementing ESC/POS need to be designed and operated with consideration of the following security issues:

Missing authentication for critical function (CWE-306)
ESC/POS does not define any mechanisms for user authentication or command authorization. Consequently, printers accepting ESC/POS commands over a network have no restrictions on connections, allowing commands to be sent from any host on the network.

Improper access control (CWE-284)
ESC/POS does not define any mechanisms to restrict origins or destinations of communication. Many printers listen for ESC/POS communication on TCP port 9100 by default, potentially allowing access from any host on the network.

Cleartext transmission of sensitive information (CWE-319)
ESC/POS command transmission does not provide encryption or integrity protection mechanisms, and communicate is performed in plaintext. Consequently, attackers on the same network could be able to intercept or tamper with transmitted data.

JPCERT/CC has assigned CVE-2026-23767 to the vulnerability originating from the ESC/POS specification.

Impact

If ESC/POS communication is intercepted, the contents of the communication may be disclosed. Furthermore, if malicious commands are sent, unintended operations may be performed or information stored within the device may be accessed without authentication or authorization.

Solution

There are no plans to revise the ESC/POS specification.
Developers and users of products that implement ESC/POS should appropriately protect the environment in which the product is used, taking into account the information provided in the [Description] section. To prevent the abuse of ESC/POS communication, the following mitigations are recommended.

Implement authentication and access control
It is recommended that devices implementing ESC/POS provide authentication and authorization mechanisms to ensure that only commands from authorized users or devices are accepted. In addition, if the device supports access control features such as IP address restrictions, enabling these features to allow connections only from specific hosts is effective.

Restrict network exposure
Consider limiting access to the device to the minimum necessary by deploying firewalls, separating network segments, or implementing other network security measures in the environment where the device is used. As described above, ESC/POS communication is commonly performed over TCP port 9100.

Encrypt communication
It is recommended that devices implementing ESC/POS support encryption for communication. Furthermore, when using such devices, using trusted communication paths whenever possible and leveraging encrypted protocols or tunneling mechanisms such as VPNs are effective measures.