Home

Description

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 22.0.1049 and Application prior to version 20.0.2786 (VA/SaaS deployments) expose a set of PHP scripts under the `console_release` directory without requiring authentication. An unauthenticated remote attacker can invoke these endpoints to re‑configure networked printers, add or delete RFID badge devices, or otherwise modify device settings. This vulnerability has been identified by the vendor as: V-2024-029 — No Authentication to Modify Devices.

PUBLISHED Reserved 2025-04-15 | Published 2025-09-29 | Updated 2025-09-30 | Assigner VulnCheck




CRITICAL: 10.0CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Problem types

CWE-306 Missing Authentication for Critical Function

Product status

Default status
unaffected

* before 22.0.1049
affected

Default status
unaffected

* before 20.0.2786
affected

Credits

Pierre Barre finder

References

pierrekim.github.io/...-printerlogic-83-vulnerabilities.html technical-description

help.printerlogic.com/...int/Security/Security-Bulletins.htm vendor-advisory patch

help.printerlogic.com/...int/Security/Security-Bulletins.htm vendor-advisory patch

www.vulncheck.com/...printerlogic-unauth-device-modification third-party-advisory

cve.org (CVE-2025-34224)

nvd.nist.gov (CVE-2025-34224)

Download JSON