Executive Summary
CVSS v3 5.4
ALERT: Vulnerable to exploitation with adjacent access/low attack complexity
Manufacturer: Zebra Technologies
Devices: ZTC Industrial ZT410, ZTC Desktop GK420d
Issue: Potential Authentication Bypass via Alternate Path or Channel

Risk Assessment
Successful exploitation of this vulnerability could permit an unauthorized individual to manipulate credentials by sending specifically crafted packets, bypassing the need for prior authentication.

Technical Details
Affected Products
The following Zebra devices are affected:

ZTC Industrial ZT410: All versions
ZTC Desktop GK420d: All versions
Vulnerability Overview
Authentication Bypass Using an Alternate Path or Channel CWE-288
A vulnerability allowing authentication bypass has been discovered in Zebra Technologies ZTC Industrial ZT410 and ZTC Desktop GK420d. This flaw enables an attacker within the printer’s network to alter the web page username and password via a specially crafted POST request to the setvarsResults.cgi file. For successful exploitation, the printer’s protected mode must be disabled.

CVE-2023-4957 has been assigned to this vulnerability. It holds a CVSS v3 base score of 5.4, with the CVSS vector string: (AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N).

Background
Critical Infrastructure Sectors: Critical Manufacturing
Deployment: Worldwide
Company Headquarters: United States

Researcher
Phosphorus Cybersecurity reported this vulnerability to CISA.

Mitigations
Zebra printers operating Link-OS v6.0 and later feature a protected mode to mitigate this vulnerability. Activating this mode restricts unauthorized alterations and locks the current configuration until authorized by an administrator. By default, the secure mode is inactive, necessitating the generation of a password first.

For detailed guidance on implementing the protected mode and applying it to affected Zebra printer products, refer to the Link-OS Printer Administration Guide.

Note: The ZT410 industrial printer was discontinued on Oct 1st, 2020. Service and support discontinuation dates vary by region, with the latest set for September and December 2025. Further security information and best practices, including “Protected Mode,” can be found in the product references.

Note: The GK420d desktop printer was discontinued on Jan 31, 2022. Service and support ended on April 30, 2025.

For comprehensive product resource details, consult the GK420d Desktop Printer Support Manual.

To delve deeper into this vulnerability, explore INCIBE-CERT’s Security Advisory.

CISA emphasizes conducting thorough impact analyses and risk assessments before implementing defensive measures.

CISA also offers control systems security recommended practices on the ICS webpage at cisa.gov/ics. Numerous CISA products outlining cybersecurity best practices, such as Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies, are available for reference and download.

CISA urges organizations to adopt recommended cybersecurity strategies for proactive defense of ICS assets.

Source:
https://www.cisa.gov/news-events/ics-advisories/icsa-23-339-01