
CVE-2018-18960
https://notcve.org/view.php?id=CVE-2018-18960
24 Dec 2018 — An issue was discovered on Epson WorkForce WF-2861 10.48 LQ22I3, 10.51.LQ20I6 and 10.52.LQ17IA devices. They use SNMP to find certain devices on the network, but the default version is v2c, allowing an amplification attack. • https://github.com/epistemophilia/CVEs/blob/master/Epson-WorkForce-WF2861/CVE-2018-18960/poc-cve-2018-18960.py • CWE-400: Uncontrolled Resource Consumption

CVE-2018-14903
https://notcve.org/view.php?id=CVE-2018-14903
30 Aug 2018 — EPSON WF-2750 printers with firmware JP02I2 do not properly validate files before running updates, which allows remote attackers to cause a printer malfunction or send malicious data to the printer. • https://www.vdalabs.com/2018/08/26/epson-printer-vulnerabilities • CWE-346: Origin Validation Error

CVE-2018-14901
https://notcve.org/view.php?id=CVE-2018-14901
30 Aug 2018 — The EPSON iPrint application 6.6.3 for Android contains hard-coded API and Secret keys for the Dropbox, Box, Evernote and OneDrive services. • https://www.vdalabs.com/2018/08/26/epson-printer-vulnerabilities • CWE-798: Use of Hard-coded Credentials

CVE-2018-14902
https://notcve.org/view.php?id=CVE-2018-14902
30 Aug 2018 — The ContentProvider in the EPSON iPrint application 6.6.3 for Android does not properly restrict data access. This allows an attacker's application to read scanned documents. • https://www.vdalabs.com/2018/08/26/epson-printer-vulnerabilities • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2018-14900
https://notcve.org/view.php?id=CVE-2018-14900
30 Aug 2018 — On EPSON WF-2750 printers with firmware JP02I2, there is no filtering of print jobs. Remote attackers can send print jobs directly to the printer via TCP port 9100. • https://www.vdalabs.com/2018/08/26/epson-printer-vulnerabilities • CWE-417: Communication Channel Errors

CVE-2018-14899
https://notcve.org/view.php?id=CVE-2018-14899
30 Aug 2018 — On the EPSON WF-2750 printer with firmware JP02I2, the Web interface AirPrint Setup page is vulnerable to HTML Injection that can redirect users to malicious sites. • https://www.vdalabs.com/2018/08/26/epson-printer-vulnerabilities • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2018-5550
https://notcve.org/view.php?id=CVE-2018-5550
08 Feb 2018 — Versions of Epson AirPrint released prior to January 19, 2018 contain a reflective cross-site scripting (XSS) vulnerability, which can allow untrusted users on the network to hijack a session cookie or perform other reflected XSS attacks on a currently logged-on user. • https://blog.rapid7.com/2018/02/08/r7-2017-28-epson-airprint-xss-cve-2018-5550 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2017-12860
https://notcve.org/view.php?id=CVE-2017-12860
10 Oct 2017 — The Epson "EasyMP" software is designed to remotely stream a user's computer to supporting projectors. These devices are authenticated using a unique 4-digit code, displayed on-screen - ensuring only those who can view it are streaming. In addition to the password, each projector has a hardcoded "backdoor" code (2270), which authenticates to all devices. • https://rhinosecuritylabs.com/research/epson-easymp-remote-projection-vulnerabilities • CWE-798: Use of Hard-coded Credentials

CVE-2017-12861
https://notcve.org/view.php?id=CVE-2017-12861
10 Oct 2017 — The Epson "EasyMP" software is designed to remotely stream a user's computer to supporting projectors. These devices are authenticated using a unique 4-digit code, displayed on-screen - ensuring only those who can view it are streaming. All Epson projectors supporting the "EasyMP" software are vulnerable to a brute-force vulnerability, allowing any attacker on the network to remotely control and stream to the vulnerable device. • https://rhinosecuritylabs.com/research/epson-easymp-remote-projection-vulnerabilities • CWE-521: Weak Password Requirements

CVE-2017-6443 – EPSON TMNet WebConfig 1.00 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2017-6443
05 Mar 2017 — Cross-site scripting (XSS) vulnerability in EPSON TMNet WebConfig 1.00 allows remote attackers to inject arbitrary web script or HTML via the W_AD1 parameter to Forms/oadmin_1. EPSON TMNet WebConfig version 1.00 suffers from a persistent cross site scripting vulnerability. • https://packetstorm.news/files/id/141448 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')