[Suggested description]
An issue was discovered on Epson Expression Home XP255 20.08.FM10I8 devices.
POST requests don't require (anti-)CSRF tokens or other
mechanisms for validating that the request is from a legitimate
source.
In addition, CSRF attacks can be used to send text directly to the RAW
printer interface. For example, an attack could deliver a worrisome printout to an end user.

------------------------------------------

[Vulnerability Type]
Cross Site Request Forgery (CSRF)

------------------------------------------

[Vendor of Product]
Epson

------------------------------------------

[Affected Product Code Base]
Expression Home XP255 - 20.08.FM10I8

------------------------------------------

[Affected Component]
Web admin panel, RAW printing protocol

------------------------------------------

[Attack Type]
Remote

------------------------------------------

[Impact Escalation of Privileges]
true

------------------------------------------

[Attack Vectors]
Using a CSRF attack, the web admin panel is attacked.

------------------------------------------

[Has vendor confirmed or acknowledged the vulnerability?]
true

------------------------------------------

[Discoverer]
Konrad Leszczynski, intern at Qbit in collaboration with the Dutch consumer organisation.

------------------------------------------

[Reference]
https://epson.com/Support/sl/s

Use CVE-2019-20460.