CVE-2019-25401 | THREATINT

Description

Bematech (formerly Logic Controls, now Elgin) MP-4200 TH printer contains a denial of service vulnerability in the admin configuration page. Remote attackers can send crafted POST requests with malformed 'admin' and 'person' parameters to crash the printer's web service, causing a denial of service condition.

PUBLISHED Reserved 2026-02-18 | Published 2026-02-18 | Updated 2026-02-19 | Assigner VulnCheck

HIGH: 8.7CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

HIGH: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Problem types

Uncontrolled Resource Consumption

Product status

MP-4200 TH

affected

Credits

Jonatas Fil finder

References

www.exploit-db.com/exploits/47648 (ExploitDB-47648) exploit

web.archive.org/...180814065516/https://www.bematech.com.br/ (Archived Bematech Homepage) product

www.legacyglobal.com/...8n8YIBKrFPFGFc5DKrxdMGChGQ-Y24i8MVQa (Legacy Hardware Page) product

www.vulncheck.com/...ematech-printer-mp-th-denial-of-service (VulnCheck Advisory: Bematech Printer MP-4200 TH Denial of Service) third-party-advisory

cve.org (CVE-2019-25401)

nvd.nist.gov (CVE-2019-25401)

Download JSON