Epson WorkForce multi-function printers do not use signed firmware images and allow unauthorized malicious firmware-updates. Additionally, they suffer from a cross site request forgery vulnerability that allows an attacker to commit such a firmware update.