Vendor CVEs
Epson
All CVEs
43 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-64310 | Cri | 0.64 | 9.8 | 0.00 | Nov 21, 2025 | EPSON WebConfig and Epson Web Control for SEIKO EPSON Projector Products do not restrict excessive authentication attempts. An administrative user's password may be identified through a brute force attack. | ||
| CVE-2017-12861 | Cri | 0.64 | 9.8 | 0.03 | Oct 10, 2017 | The Epson "EasyMP" software is designed to remotely stream a users computer to supporting projectors.These devices are authenticated using a unique 4-digit code, displayed on-screen - ensuring only those who can view it are streaming.All Epson projectors supporting the "EasyMP"… | ||
| CVE-2017-12860 | Cri | 0.64 | 9.8 | 0.03 | Oct 10, 2017 | The Epson "EasyMP" software is designed to remotely stream a users computer to supporting projectors.These devices are authenticated using a unique 4-digit code, displayed on-screen - ensuring only those who can view it are streaming.In addition to the password, each projector… | ||
| CVE-2023-7326 | Hig | 0.57 | — | 0.00 | Nov 12, 2025 | The Epson Stylus SX510W embedded web management service fails to properly handle consecutive ampersand characters in query parameters when accessing /PRESENTATION/HTML/TOP/INDEX.HTML. A remote attacker can send a malformed request that triggers improper input parsing or memory… | ||
| CVE-2019-20460 | Hig | 0.57 | 8.8 | 0.00 | Nov 7, 2024 | An issue was discovered on Epson Expression Home XP255 20.08.FM10I8 devices. POST requests don't require (anti-)CSRF tokens or other mechanisms for validating that the request is from a legitimate source. In addition, CSRF attacks can be used to send text directly to the RAW… | ||
| CVE-2019-20458 | Hig | 0.57 | 8.8 | 0.00 | Nov 7, 2024 | An issue was discovered on Epson Expression Home XP255 20.08.FM10I8 devices. By default, the device comes (and functions) without a password. The user is at no point prompted to set up a password on the device (leaving a number of devices without a password). In this case,… | ||
| CVE-2019-20459 | Hig | 0.55 | 8.4 | 0.00 | Nov 7, 2024 | An issue was discovered on Epson Expression Home XP255 20.08.FM10I8 devices. With the SNMPv1 public community, all values can be read, and with the epson community, all the changeable values can be written/updated, as demonstrated by permanently disabling the network card or… | ||
| CVE-2024-47295 | Hig | 0.53 | 8.1 | 0.01 | Oct 1, 2024 | Insecure initial password configuration issue in SEIKO EPSON Web Config allows a remote unauthenticated attacker to set an arbitrary password and operate the device with an administrative privilege. As for the details of the affected versions, see the information provided by the… | ||
| CVE-2025-4960 | Hig | 0.51 | 7.8 | 0.00 | Feb 19, 2026 | The com.epson.InstallNavi.helper tool, deployed with the EPSON printer driver installer, contains a local privilege escalation vulnerability due to multiple flaws in its implementation. It fails to properly authenticate clients over the XPC protocol and does not correctly… | ||
| CVE-2020-37064 | Hig | 0.51 | 7.8 | 0.00 | Feb 1, 2026 | EPSON EasyMP Network Projection 2.81 contains an unquoted service path vulnerability in the EMP_NSWLSV service that allows local users to potentially execute arbitrary code. Attackers can exploit the unquoted path in C:\Program Files (x86)\EPSON Projector\EasyMP Network… | ||
| CVE-2020-36984 | Hig | 0.51 | 7.8 | 0.00 | Jan 28, 2026 | EPSON 1.124 contains an unquoted service path vulnerability in the SENADB service that allows local attackers to execute code with elevated system privileges. Attackers can exploit the unquoted path in C:\Program Files (x86)\EPSON_P2B\Printer Software\Status Monitor\ to inject… | ||
| CVE-2020-36975 | Hig | 0.51 | 7.8 | 0.00 | Jan 27, 2026 | EPSON Status Monitor 3 version 8.0 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code by exploiting the service binary path. Attackers can leverage the unquoted path in 'C:\Program Files\Common… | ||
| CVE-2021-47898 | Hig | 0.51 | 7.8 | 0.00 | Jan 23, 2026 | Epson USB Display 1.6.0.0 contains an unquoted service path vulnerability in the EMP_UDSA service running with LocalSystem privileges. Attackers can exploit the unquoted path by placing malicious executables in intermediate directories to gain elevated system access. | ||
| CVE-2025-42598 | Hig | 0.51 | 7.8 | 0.00 | Apr 28, 2025 | Multiple SEIKO EPSON printer drivers for Windows OS are configured with an improper access permission settings when installed or used in a language other than English. If a user is directed to place a crafted DLL file in a location of an attacker's choosing, the attacker may… | ||
| CVE-2026-39047 | Hig | 0.49 | 7.5 | 0.01 | May 20, 2026 | Buffer Overflow vulnerability in EPSON L14150 FL27PB allows a remote attacker to execute arbitrary code via the RAW Printing Service (JetDirect) on TCP port 9100 | ||
| CVE-2018-14903 | Hig | 0.49 | 7.5 | 0.01 | Aug 30, 2018 | EPSON WF-2750 printers with firmware JP02I2 do not properly validate files before running updates, which allows remote attackers to cause a printer malfunction or send malicious data to the printer. | ||
| CVE-2018-14901 | Hig | 0.49 | 7.5 | 0.01 | Aug 30, 2018 | The EPSON iPrint application 6.6.3 for Android contains hard-coded API and Secret keys for the Dropbox, Box, Evernote and OneDrive services. | ||
| CVE-2018-14900 | Hig | 0.49 | 7.5 | 0.01 | Aug 30, 2018 | On EPSON WF-2750 printers with firmware JP02I2, there is no filtering of print jobs. Remote attackers can send print jobs directly to the printer via TCP port 9100. | ||
| CVE-2025-66635 | Hig | 0.47 | 7.2 | 0.00 | Dec 16, 2025 | Stack-based buffer overflow vulnerability exists in SEIKO EPSON Web Config. Specially crafted data input by a logged-in user may execute arbitrary code. As for the details of the affected products and versions, see the information provided by the vendor under [References]. | ||
| CVE-2018-5550 | Med | 0.43 | 6.1 | 0.37 | Feb 8, 2018 | Versions of Epson AirPrint released prior to January 19, 2018 contain a reflective cross-site scripting (XSS) vulnerability, which can allow untrusted users on the network to hijack a session cookie or perform other reflected XSS attacks on a currently logged-on user. | ||
| CVE-2017-6443 | Med | 0.43 | 6.1 | 0.03 | Mar 15, 2017 | Cross-site scripting (XSS) vulnerability in EPSON TMNet WebConfig 1.00 allows remote attackers to inject arbitrary web script or HTML via the W_AD1 parameter to Forms/oadmin_1. | ||
| CVE-2018-14899 | Med | 0.40 | 6.1 | 0.01 | Aug 30, 2018 | On the EPSON WF-2750 printer with firmware JP02I2, the Web interface AirPrint Setup page is vulnerable to HTML Injection that can redirect users to malicious sites. | ||
| CVE-2026-23767 | 0.00 | — | 0.00 | Mar 5, 2026 | ESC/POS, a printer control language designed by Seiko Epson Corporation, lacks mechanisms for user authentication and command authorization, does not provide controls to restrict sources or destinations of network communication, and transmits commands without encryption or… | |||
| CVE-2023-38556 | 0.00 | — | 0.01 | Aug 2, 2023 | Improper input validation vulnerability in SEIKO EPSON printer Web Config allows a remote attacker to turned off the printer. [Note] Web Config is the software that allows users to check the status and change the settings of SEIKO EPSON printers via a web browser. Web Config is… | |||
| CVE-2023-27520 | 0.00 | — | 0.00 | Apr 11, 2023 | Cross-site request forgery (CSRF) vulnerability in SEIKO EPSON printers/network interface Web Config allows a remote unauthenticated attacker to hijack the authentication and perform unintended operations by having a logged-in user view a malicious page. [Note] Web Config is the… | |||
| CVE-2023-23572 | 0.00 | — | 0.01 | Apr 11, 2023 | Cross-site scripting vulnerability in SEIKO EPSON printers/network interface Web Config allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script. [Note] Web Config is the software that allows users to check the status and change the… | |||
| CVE-2022-36133 | 0.00 | — | 0.01 | Nov 25, 2022 | The WebConfig functionality of Epson TM-C3500 and TM-C7500 devices with firmware version WAM31500 allows authentication bypass. | |||
| CVE-2020-9453 | 0.00 | — | 0.00 | Feb 5, 2021 | In Epson iProjection v2.30, the driver file EMP_MPAU.sys allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C402406 and IOCtl 0x9C40240A. (0x9C402402 has only a NULL pointer… | |||
| CVE-2020-9014 | 0.00 | — | 0.00 | Feb 5, 2021 | In Epson iProjection v2.30, the driver file (EMP_NSAU.sys) allows local users to cause a denial of service (BSOD) via crafted input to the virtual audio device driver with IOCTL 0x9C402402, 0x9C402406, or 0x9C40240A. \Device\EMPNSAUIO and \DosDevices\EMPNSAU are similarly… | |||
| CVE-2020-5681 | 0.00 | — | 0.01 | Dec 24, 2020 | Untrusted search path vulnerability in self-extracting files created by EpsonNet SetupManager versions 2.2.14 and earlier, and Offirio SynergyWare PrintDirector versions 1.6x/1.6y and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified… | |||
| CVE-2020-28931 | 0.00 | — | 0.01 | Dec 16, 2020 | Lack of an anti-CSRF token in the entire administrative interface in EPSON EPS TSE Server 8 (21.0.11) allows an unauthenticated attacker to force an administrator to execute external POST requests by visiting a malicious website. | |||
| CVE-2020-28930 | 0.00 | — | 0.01 | Dec 16, 2020 | A Cross-Site Scripting (XSS) issue in the 'update user' and 'delete user' functionalities in settings/users.php in EPSON EPS TSE Server 8 (21.0.11) allows an authenticated attacker to inject a JavaScript payload in the user management page that is executed by an administrator. | |||
| CVE-2020-28929 | 0.00 | — | 0.01 | Dec 16, 2020 | Unrestricted access to the log downloader functionality in EPSON EPS TSE Server 8 (21.0.11) allows an unauthenticated attacker to remotely retrieve administrative hashed credentials via the maintenance/troubleshoot.php?download=1 URI. | |||
| CVE-2020-5674 | 0.00 | — | 0.00 | Nov 24, 2020 | Untrusted search path vulnerability in the installers of multiple SEIKO EPSON products allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||
| CVE-2020-6091 | 0.00 | — | 0.02 | May 22, 2020 | An exploitable authentication bypass vulnerability exists in the ESPON Web Control functionality of Epson EB-1470Ui MAIN: 98009273ESWWV107 MAIN2: 8X7325WWV303. A specially crafted series of HTTP requests can cause authentication bypass resulting in information disclosure. An… | |||
| CVE-2018-0689 | 0.00 | — | 0.02 | Jan 9, 2019 | HTTP header injection vulnerability in SEIKO EPSON printers and scanners (DS-570W firmware versions released prior to 2018 March 13, DS-780N firmware versions released prior to 2018 March 13, EP-10VA firmware versions released prior to 2017 September 4, EP-30VA firmware versions… | |||
| CVE-2018-0688 | 0.00 | — | 0.01 | Jan 9, 2019 | Open redirect vulnerability in SEIKO EPSON printers and scanners (DS-570W firmware versions released prior to 2018 March 13, DS-780N firmware versions released prior to 2018 March 13, EP-10VA firmware versions released prior to 2017 September 4, EP-30VA firmware versions… | |||
| CVE-2018-19232 | 0.00 | — | 0.01 | Dec 24, 2018 | The web service on Epson WorkForce WF-2861 10.48 LQ22I3(Recovery-mode), WF-2861 10.51.LQ20I6, and WF-2861 10.52.LQ17IA devices allows remote attackers to cause a denial of service via a FIRMWAREUPDATE GET request, as demonstrated by the /DOWN/FIRMWAREUPDATE/ROM1 URI. | |||
| CVE-2018-18960 | 0.00 | — | 0.01 | Dec 24, 2018 | An issue was discovered on Epson WorkForce WF-2861 10.48 LQ22I3, 10.51.LQ20I6 and 10.52.LQ17IA devices. They use SNMP to find certain devices on the network, but the default version is v2c, allowing an amplification attack. | |||
| CVE-2018-19248 | 0.00 | — | 0.01 | Dec 24, 2018 | The web service on Epson WorkForce WF-2861 10.48 LQ22I3(Recovery-mode), WF-2861 10.51.LQ20I6, and WF-2861 10.52.LQ17IA devices allows remote attackers to upload a firmware file and reset the printer without authentication by making a request to the /DOWN/FIRMWAREUPDATE/ROM1 URI… | |||
| CVE-2018-18959 | 0.00 | — | 0.01 | Dec 24, 2018 | An issue was discovered on Epson WorkForce WF-2861 10.48 LQ22I3, 10.51.LQ20I6 and 10.52.LQ17IA devices. On the 'Air Print Setting' web page, if the data for 'Bonjour Service Location' at /PRESENTATION/BONJOUR is more than 251 bytes when sending data for Air Print Setting, then… | |||
| CVE-2015-6034 | 0.00 | — | 0.00 | Oct 28, 2015 | EPSON Network Utility 4.10 uses weak permissions (Everyone: Full Control) for eEBSVC.exe, which allows local users to gain privileges via a Trojan horse file. | |||
| CVE-2010-3920 | 0.00 | — | 0.00 | Dec 8, 2010 | The Seiko Epson printer driver installers for LP-S9000 before 4.1.11 and LP-S7100 before 4.1.7, or as downloaded from the vendor between May 2010 and 20101125, set weak permissions for the "C:\Program Files" folder, which might allow local users to bypass intended access… |
- risk 0.64cvss 9.8epss 0.00
EPSON WebConfig and Epson Web Control for SEIKO EPSON Projector Products do not restrict excessive authentication attempts. An administrative user's password may be identified through a brute force attack.
- risk 0.64cvss 9.8epss 0.03
The Epson "EasyMP" software is designed to remotely stream a users computer to supporting projectors.These devices are authenticated using a unique 4-digit code, displayed on-screen - ensuring only those who can view it are streaming.All Epson projectors supporting the "EasyMP"…
- risk 0.64cvss 9.8epss 0.03
The Epson "EasyMP" software is designed to remotely stream a users computer to supporting projectors.These devices are authenticated using a unique 4-digit code, displayed on-screen - ensuring only those who can view it are streaming.In addition to the password, each projector…
- risk 0.57cvss —epss 0.00
The Epson Stylus SX510W embedded web management service fails to properly handle consecutive ampersand characters in query parameters when accessing /PRESENTATION/HTML/TOP/INDEX.HTML. A remote attacker can send a malformed request that triggers improper input parsing or memory…
- risk 0.57cvss 8.8epss 0.00
An issue was discovered on Epson Expression Home XP255 20.08.FM10I8 devices. POST requests don't require (anti-)CSRF tokens or other mechanisms for validating that the request is from a legitimate source. In addition, CSRF attacks can be used to send text directly to the RAW…
- risk 0.57cvss 8.8epss 0.00
An issue was discovered on Epson Expression Home XP255 20.08.FM10I8 devices. By default, the device comes (and functions) without a password. The user is at no point prompted to set up a password on the device (leaving a number of devices without a password). In this case,…
- risk 0.55cvss 8.4epss 0.00
An issue was discovered on Epson Expression Home XP255 20.08.FM10I8 devices. With the SNMPv1 public community, all values can be read, and with the epson community, all the changeable values can be written/updated, as demonstrated by permanently disabling the network card or…
- risk 0.53cvss 8.1epss 0.01
Insecure initial password configuration issue in SEIKO EPSON Web Config allows a remote unauthenticated attacker to set an arbitrary password and operate the device with an administrative privilege. As for the details of the affected versions, see the information provided by the…
- risk 0.51cvss 7.8epss 0.00
The com.epson.InstallNavi.helper tool, deployed with the EPSON printer driver installer, contains a local privilege escalation vulnerability due to multiple flaws in its implementation. It fails to properly authenticate clients over the XPC protocol and does not correctly…
- risk 0.51cvss 7.8epss 0.00
EPSON EasyMP Network Projection 2.81 contains an unquoted service path vulnerability in the EMP_NSWLSV service that allows local users to potentially execute arbitrary code. Attackers can exploit the unquoted path in C:\Program Files (x86)\EPSON Projector\EasyMP Network…
- risk 0.51cvss 7.8epss 0.00
EPSON 1.124 contains an unquoted service path vulnerability in the SENADB service that allows local attackers to execute code with elevated system privileges. Attackers can exploit the unquoted path in C:\Program Files (x86)\EPSON_P2B\Printer Software\Status Monitor\ to inject…
- risk 0.51cvss 7.8epss 0.00
EPSON Status Monitor 3 version 8.0 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code by exploiting the service binary path. Attackers can leverage the unquoted path in 'C:\Program Files\Common…
- risk 0.51cvss 7.8epss 0.00
Epson USB Display 1.6.0.0 contains an unquoted service path vulnerability in the EMP_UDSA service running with LocalSystem privileges. Attackers can exploit the unquoted path by placing malicious executables in intermediate directories to gain elevated system access.
- risk 0.51cvss 7.8epss 0.00
Multiple SEIKO EPSON printer drivers for Windows OS are configured with an improper access permission settings when installed or used in a language other than English. If a user is directed to place a crafted DLL file in a location of an attacker's choosing, the attacker may…
- risk 0.49cvss 7.5epss 0.01
Buffer Overflow vulnerability in EPSON L14150 FL27PB allows a remote attacker to execute arbitrary code via the RAW Printing Service (JetDirect) on TCP port 9100
- risk 0.49cvss 7.5epss 0.01
EPSON WF-2750 printers with firmware JP02I2 do not properly validate files before running updates, which allows remote attackers to cause a printer malfunction or send malicious data to the printer.
- risk 0.49cvss 7.5epss 0.01
The EPSON iPrint application 6.6.3 for Android contains hard-coded API and Secret keys for the Dropbox, Box, Evernote and OneDrive services.
- risk 0.49cvss 7.5epss 0.01
On EPSON WF-2750 printers with firmware JP02I2, there is no filtering of print jobs. Remote attackers can send print jobs directly to the printer via TCP port 9100.
- risk 0.47cvss 7.2epss 0.00
Stack-based buffer overflow vulnerability exists in SEIKO EPSON Web Config. Specially crafted data input by a logged-in user may execute arbitrary code. As for the details of the affected products and versions, see the information provided by the vendor under [References].
- risk 0.43cvss 6.1epss 0.37
Versions of Epson AirPrint released prior to January 19, 2018 contain a reflective cross-site scripting (XSS) vulnerability, which can allow untrusted users on the network to hijack a session cookie or perform other reflected XSS attacks on a currently logged-on user.
- risk 0.43cvss 6.1epss 0.03
Cross-site scripting (XSS) vulnerability in EPSON TMNet WebConfig 1.00 allows remote attackers to inject arbitrary web script or HTML via the W_AD1 parameter to Forms/oadmin_1.
- risk 0.40cvss 6.1epss 0.01
On the EPSON WF-2750 printer with firmware JP02I2, the Web interface AirPrint Setup page is vulnerable to HTML Injection that can redirect users to malicious sites.
- CVE-2026-23767Mar 5, 2026risk 0.00cvss —epss 0.00
ESC/POS, a printer control language designed by Seiko Epson Corporation, lacks mechanisms for user authentication and command authorization, does not provide controls to restrict sources or destinations of network communication, and transmits commands without encryption or…
- CVE-2023-38556Aug 2, 2023risk 0.00cvss —epss 0.01
Improper input validation vulnerability in SEIKO EPSON printer Web Config allows a remote attacker to turned off the printer. [Note] Web Config is the software that allows users to check the status and change the settings of SEIKO EPSON printers via a web browser. Web Config is…
- CVE-2023-27520Apr 11, 2023risk 0.00cvss —epss 0.00
Cross-site request forgery (CSRF) vulnerability in SEIKO EPSON printers/network interface Web Config allows a remote unauthenticated attacker to hijack the authentication and perform unintended operations by having a logged-in user view a malicious page. [Note] Web Config is the…
- CVE-2023-23572Apr 11, 2023risk 0.00cvss —epss 0.01
Cross-site scripting vulnerability in SEIKO EPSON printers/network interface Web Config allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script. [Note] Web Config is the software that allows users to check the status and change the…
- CVE-2022-36133Nov 25, 2022risk 0.00cvss —epss 0.01
The WebConfig functionality of Epson TM-C3500 and TM-C7500 devices with firmware version WAM31500 allows authentication bypass.
- CVE-2020-9453Feb 5, 2021risk 0.00cvss —epss 0.00
In Epson iProjection v2.30, the driver file EMP_MPAU.sys allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C402406 and IOCtl 0x9C40240A. (0x9C402402 has only a NULL pointer…
- CVE-2020-9014Feb 5, 2021risk 0.00cvss —epss 0.00
In Epson iProjection v2.30, the driver file (EMP_NSAU.sys) allows local users to cause a denial of service (BSOD) via crafted input to the virtual audio device driver with IOCTL 0x9C402402, 0x9C402406, or 0x9C40240A. \Device\EMPNSAUIO and \DosDevices\EMPNSAU are similarly…
- CVE-2020-5681Dec 24, 2020risk 0.00cvss —epss 0.01
Untrusted search path vulnerability in self-extracting files created by EpsonNet SetupManager versions 2.2.14 and earlier, and Offirio SynergyWare PrintDirector versions 1.6x/1.6y and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified…
- CVE-2020-28931Dec 16, 2020risk 0.00cvss —epss 0.01
Lack of an anti-CSRF token in the entire administrative interface in EPSON EPS TSE Server 8 (21.0.11) allows an unauthenticated attacker to force an administrator to execute external POST requests by visiting a malicious website.
- CVE-2020-28930Dec 16, 2020risk 0.00cvss —epss 0.01
A Cross-Site Scripting (XSS) issue in the 'update user' and 'delete user' functionalities in settings/users.php in EPSON EPS TSE Server 8 (21.0.11) allows an authenticated attacker to inject a JavaScript payload in the user management page that is executed by an administrator.
- CVE-2020-28929Dec 16, 2020risk 0.00cvss —epss 0.01
Unrestricted access to the log downloader functionality in EPSON EPS TSE Server 8 (21.0.11) allows an unauthenticated attacker to remotely retrieve administrative hashed credentials via the maintenance/troubleshoot.php?download=1 URI.
- CVE-2020-5674Nov 24, 2020risk 0.00cvss —epss 0.00
Untrusted search path vulnerability in the installers of multiple SEIKO EPSON products allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
- CVE-2020-6091May 22, 2020risk 0.00cvss —epss 0.02
An exploitable authentication bypass vulnerability exists in the ESPON Web Control functionality of Epson EB-1470Ui MAIN: 98009273ESWWV107 MAIN2: 8X7325WWV303. A specially crafted series of HTTP requests can cause authentication bypass resulting in information disclosure. An…
- CVE-2018-0689Jan 9, 2019risk 0.00cvss —epss 0.02
HTTP header injection vulnerability in SEIKO EPSON printers and scanners (DS-570W firmware versions released prior to 2018 March 13, DS-780N firmware versions released prior to 2018 March 13, EP-10VA firmware versions released prior to 2017 September 4, EP-30VA firmware versions…
- CVE-2018-0688Jan 9, 2019risk 0.00cvss —epss 0.01
Open redirect vulnerability in SEIKO EPSON printers and scanners (DS-570W firmware versions released prior to 2018 March 13, DS-780N firmware versions released prior to 2018 March 13, EP-10VA firmware versions released prior to 2017 September 4, EP-30VA firmware versions…
- CVE-2018-19232Dec 24, 2018risk 0.00cvss —epss 0.01
The web service on Epson WorkForce WF-2861 10.48 LQ22I3(Recovery-mode), WF-2861 10.51.LQ20I6, and WF-2861 10.52.LQ17IA devices allows remote attackers to cause a denial of service via a FIRMWAREUPDATE GET request, as demonstrated by the /DOWN/FIRMWAREUPDATE/ROM1 URI.
- CVE-2018-18960Dec 24, 2018risk 0.00cvss —epss 0.01
An issue was discovered on Epson WorkForce WF-2861 10.48 LQ22I3, 10.51.LQ20I6 and 10.52.LQ17IA devices. They use SNMP to find certain devices on the network, but the default version is v2c, allowing an amplification attack.
- CVE-2018-19248Dec 24, 2018risk 0.00cvss —epss 0.01
The web service on Epson WorkForce WF-2861 10.48 LQ22I3(Recovery-mode), WF-2861 10.51.LQ20I6, and WF-2861 10.52.LQ17IA devices allows remote attackers to upload a firmware file and reset the printer without authentication by making a request to the /DOWN/FIRMWAREUPDATE/ROM1 URI…
- CVE-2018-18959Dec 24, 2018risk 0.00cvss —epss 0.01
An issue was discovered on Epson WorkForce WF-2861 10.48 LQ22I3, 10.51.LQ20I6 and 10.52.LQ17IA devices. On the 'Air Print Setting' web page, if the data for 'Bonjour Service Location' at /PRESENTATION/BONJOUR is more than 251 bytes when sending data for Air Print Setting, then…
- CVE-2015-6034Oct 28, 2015risk 0.00cvss —epss 0.00
EPSON Network Utility 4.10 uses weak permissions (Everyone: Full Control) for eEBSVC.exe, which allows local users to gain privileges via a Trojan horse file.
- CVE-2010-3920Dec 8, 2010risk 0.00cvss —epss 0.00
The Seiko Epson printer driver installers for LP-S9000 before 4.1.11 and LP-S7100 before 4.1.7, or as downloaded from the vendor between May 2010 and 20101125, set weak permissions for the "C:\Program Files" folder, which might allow local users to bypass intended access…