
CVE-2024-47295
https://notcve.org/view.php?id=CVE-2024-47295
01 Oct 2024 — Insecure initial password configuration issue in SEIKO EPSON Web Config allows a remote unauthenticated attacker to set an arbitrary password and operate the device with an administrative privilege. As for the details of the affected versions, see the information provided by the vendor under [References]. • https://jvn.jp/en/vu/JVNVU95133448 • CWE-1188: Initialization of a Resource with an Insecure Default •

CVE-2023-38556
https://notcve.org/view.php?id=CVE-2023-38556
02 Aug 2023 — Improper input validation vulnerability in SEIKO EPSON printer Web Config allows a remote attacker to turn off the printer. [Note] Web Config is the software that allows users to check the status and change the settings of SEIKO EPSON printers via a web browser. Web Config is pre-installed in some printers provided by SEIKO EPSON CORPORATION. For the details of the affected product names/model numbers, refer to the information provided by the vendor. • https://jvn.jp/en/jp/JVN61337171 •

CVE-2023-27520
https://notcve.org/view.php?id=CVE-2023-27520
11 Apr 2023 — Cross-site request forgery (CSRF) vulnerability in SEIKO EPSON printers/network interface Web Config allows a remote unauthenticated attacker to hijack the authentication and perform unintended operations by having a logged-in user view a malicious page. [Note] Web Config is the software that allows users to check the status and change the settings of SEIKO EPSON printers/network interface via a web browser. According to SEIKO EPSON CORPORATION, it is also called Remote Manager in some products. Web Conf... • https://jvn.jp/en/jp/JVN82424996 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVE-2023-23572
https://notcve.org/view.php?id=CVE-2023-23572
11 Apr 2023 — Cross-site scripting vulnerability in SEIKO EPSON printers/network interface Web Config allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script. [Note] Web Config is the software that allows users to check the status and change the settings of SEIKO EPSON printers/network interface via a web browser. According to SEIKO EPSON CORPORATION, it is also called Remote Manager in some products. Web Config is pre-installed in some printers/network interface provided ... • https://jvn.jp/en/jp/JVN82424996 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2022-36133
https://notcve.org/view.php?id=CVE-2022-36133
25 Nov 2022 — The WebConfig functionality of Epson TM-C3500 and TM-C7500 devices with firmware version WAM31500 allows authentication bypass. • https://download.epson-biz.com/epson/epson_public_document.php?name=Infomation_history.pdf • CWE-287: Improper Authentication •

CVE-2020-9453
https://notcve.org/view.php?id=CVE-2020-9453
05 Feb 2021 — In Epson iProjection v2.30, the driver file EMP_MPAU.sys allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C402406 and IOCtl 0x9C40240A. (0x9C402402 has only a NULL pointer dereference.) This affects \Device\EMPMPAUIO and \DosDevices\EMPMPAU. • https://epson.com • CWE-476: NULL Pointer Dereference •

CVE-2020-9014
https://notcve.org/view.php?id=CVE-2020-9014
05 Feb 2021 — In Epson iProjection v2.30, the driver file (EMP_NSAU.sys) allows local users to cause a denial of service (BSOD) via crafted input to the virtual audio device driver with IOCTL 0x9C402402, 0x9C402406, or 0x9C40240A. \Device\EMPNSAUIO and \DosDevices\EMPNSAU are similarly affected. • https://epson.com/Support/wa00935 •

CVE-2020-5681
https://notcve.org/view.php?id=CVE-2020-5681
24 Dec 2020 — Untrusted search path vulnerability in self-extracting files created by EpsonNet SetupManager versions 2.2.14 and earlier, and Offirio SynergyWare PrintDirector versions 1.6x/1.6y and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. • https://jvn.jp/en/jp/JVN94244575/index.html • CWE-427: Uncontrolled Search Path Element •

CVE-2020-28931
https://notcve.org/view.php?id=CVE-2020-28931
16 Dec 2020 — Lack of an anti-CSRF token in the entire administrative interface in EPSON EPS TSE Server 8 (21.0.11) allows an unauthenticated attacker to force an administrator to execute external POST requests by visiting a malicious website. • https://blog.bssi.fr/multiple-vulnerabilities-within-epson-eps-tse-server-8/#vulnerability-3 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVE-2020-28930
https://notcve.org/view.php?id=CVE-2020-28930
16 Dec 2020 — A Cross-Site Scripting (XSS) issue in the 'update user' and 'delete user' functionalities in settings/users.php in EPSON EPS TSE Server 8 (21.0.11) allows an authenticated attacker to inject a JavaScript payload in the user management page that is executed by an administrator. • https://blog.bssi.fr/multiple-vulnerabilities-within-epson-eps-tse-server-8/#vulnerability-2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •