VYPR
Vendor

Epson

Products
34
CVEs
43
Across products
47
Status
Private

Products

34
View all 34 products →

Recent CVEs

43
View all 43 CVEs →
  • CVE-2025-64310CriNov 21, 2025
    risk 0.64cvss 9.8epss 0.00

    EPSON WebConfig and Epson Web Control for SEIKO EPSON Projector Products do not restrict excessive authentication attempts. An administrative user's password may be identified through a brute force attack.

  • CVE-2017-12861CriOct 10, 2017
    risk 0.64cvss 9.8epss 0.03

    The Epson "EasyMP" software is designed to remotely stream a users computer to supporting projectors.These devices are authenticated using a unique 4-digit code, displayed on-screen - ensuring only those who can view it are streaming.All Epson projectors supporting the "EasyMP"…

  • CVE-2017-12860CriOct 10, 2017
    risk 0.64cvss 9.8epss 0.03

    The Epson "EasyMP" software is designed to remotely stream a users computer to supporting projectors.These devices are authenticated using a unique 4-digit code, displayed on-screen - ensuring only those who can view it are streaming.In addition to the password, each projector…

  • CVE-2023-7326HigNov 12, 2025
    risk 0.57cvss epss 0.00

    The Epson Stylus SX510W embedded web management service fails to properly handle consecutive ampersand characters in query parameters when accessing /PRESENTATION/HTML/TOP/INDEX.HTML. A remote attacker can send a malformed request that triggers improper input parsing or memory…

  • CVE-2019-20460HigNov 7, 2024
    risk 0.57cvss 8.8epss 0.00

    An issue was discovered on Epson Expression Home XP255 20.08.FM10I8 devices. POST requests don't require (anti-)CSRF tokens or other mechanisms for validating that the request is from a legitimate source. In addition, CSRF attacks can be used to send text directly to the RAW…

  • CVE-2019-20458HigNov 7, 2024
    risk 0.57cvss 8.8epss 0.00

    An issue was discovered on Epson Expression Home XP255 20.08.FM10I8 devices. By default, the device comes (and functions) without a password. The user is at no point prompted to set up a password on the device (leaving a number of devices without a password). In this case,…

  • CVE-2019-20459HigNov 7, 2024
    risk 0.55cvss 8.4epss 0.00

    An issue was discovered on Epson Expression Home XP255 20.08.FM10I8 devices. With the SNMPv1 public community, all values can be read, and with the epson community, all the changeable values can be written/updated, as demonstrated by permanently disabling the network card or…

  • CVE-2024-47295HigOct 1, 2024
    risk 0.53cvss 8.1epss 0.01

    Insecure initial password configuration issue in SEIKO EPSON Web Config allows a remote unauthenticated attacker to set an arbitrary password and operate the device with an administrative privilege. As for the details of the affected versions, see the information provided by the…

  • CVE-2025-4960HigFeb 19, 2026
    risk 0.51cvss 7.8epss 0.00

    The com.epson.InstallNavi.helper tool, deployed with the EPSON printer driver installer, contains a local privilege escalation vulnerability due to multiple flaws in its implementation. It fails to properly authenticate clients over the XPC protocol and does not correctly…

  • CVE-2020-37064HigFeb 1, 2026
    risk 0.51cvss 7.8epss 0.00

    EPSON EasyMP Network Projection 2.81 contains an unquoted service path vulnerability in the EMP_NSWLSV service that allows local users to potentially execute arbitrary code. Attackers can exploit the unquoted path in C:\Program Files (x86)\EPSON Projector\EasyMP Network…

  • CVE-2020-36984HigJan 28, 2026
    risk 0.51cvss 7.8epss 0.00

    EPSON 1.124 contains an unquoted service path vulnerability in the SENADB service that allows local attackers to execute code with elevated system privileges. Attackers can exploit the unquoted path in C:\Program Files (x86)\EPSON_P2B\Printer Software\Status Monitor\ to inject…

  • CVE-2020-36975HigJan 27, 2026
    risk 0.51cvss 7.8epss 0.00

    EPSON Status Monitor 3 version 8.0 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code by exploiting the service binary path. Attackers can leverage the unquoted path in 'C:\Program Files\Common…

  • CVE-2021-47898HigJan 23, 2026
    risk 0.51cvss 7.8epss 0.00

    Epson USB Display 1.6.0.0 contains an unquoted service path vulnerability in the EMP_UDSA service running with LocalSystem privileges. Attackers can exploit the unquoted path by placing malicious executables in intermediate directories to gain elevated system access.

  • CVE-2025-42598HigApr 28, 2025
    risk 0.51cvss 7.8epss 0.00

    Multiple SEIKO EPSON printer drivers for Windows OS are configured with an improper access permission settings when installed or used in a language other than English. If a user is directed to place a crafted DLL file in a location of an attacker's choosing, the attacker may…

  • CVE-2026-39047HigMay 20, 2026
    risk 0.49cvss 7.5epss 0.01

    Buffer Overflow vulnerability in EPSON L14150 FL27PB allows a remote attacker to execute arbitrary code via the RAW Printing Service (JetDirect) on TCP port 9100

  • CVE-2018-14903HigAug 30, 2018
    risk 0.49cvss 7.5epss 0.01

    EPSON WF-2750 printers with firmware JP02I2 do not properly validate files before running updates, which allows remote attackers to cause a printer malfunction or send malicious data to the printer.

  • CVE-2018-14901HigAug 30, 2018
    risk 0.49cvss 7.5epss 0.01

    The EPSON iPrint application 6.6.3 for Android contains hard-coded API and Secret keys for the Dropbox, Box, Evernote and OneDrive services.

  • CVE-2018-14900HigAug 30, 2018
    risk 0.49cvss 7.5epss 0.01

    On EPSON WF-2750 printers with firmware JP02I2, there is no filtering of print jobs. Remote attackers can send print jobs directly to the printer via TCP port 9100.

  • CVE-2025-66635HigDec 16, 2025
    risk 0.47cvss 7.2epss 0.00

    Stack-based buffer overflow vulnerability exists in SEIKO EPSON Web Config. Specially crafted data input by a logged-in user may execute arbitrary code. As for the details of the affected products and versions, see the information provided by the vendor under [References].

  • CVE-2018-5550MedFeb 8, 2018
    risk 0.43cvss 6.1epss 0.37

    Versions of Epson AirPrint released prior to January 19, 2018 contain a reflective cross-site scripting (XSS) vulnerability, which can allow untrusted users on the network to hijack a session cookie or perform other reflected XSS attacks on a currently logged-on user.