
8 vulnerabilities found for Web Config by SEIKO EPSON CORPORATION

CVE-2025-66635 (GCVE-0-2025-66635)

Vulnerability from nvd – Published: 2025-12-16 06:59 – Updated: 2025-12-22 02:27
Summary
Stack-based buffer overflow vulnerability exists in SEIKO EPSON Web Config. Specially crafted data input by a logged-in user may execute arbitrary code. As for the details of the affected products and versions, see the information provided by the vendor under [References].
CWE
  • CWE-121 - Stack-based buffer overflow
Assigner
Impacted products
Vendor Product Version
SEIKO EPSON CORPORATION Web Config Affected: See the information/details provided by the vendor

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-66635",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-12-16T21:32:37.175744Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-12-16T21:32:43.584Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Web Config",
          "vendor": "SEIKO EPSON CORPORATION",
          "versions": [
            {
              "status": "affected",
              "version": "See the information/details provided by the vendor"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Stack-based buffer overflow vulnerability exists in SEIKO EPSON Web Config. Specially crafted data input by a logged-in user may execute arbitrary code. As for the details of the affected products and versions, see the information provided by the vendor under [References]."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "Stack-based buffer overflow",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-22T02:27:45.711Z",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "url": "https://www.epson.jp/support/misc_t/251216_oshirase.htm"
        },
        {
          "url": "https://epson.com/Support/wa00971"
        },
        {
          "url": "https://jvn.jp/en/jp/JVN51846148/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2025-66635",
    "datePublished": "2025-12-16T06:59:25.611Z",
    "dateReserved": "2025-12-10T06:27:24.088Z",
    "dateUpdated": "2025-12-22T02:27:45.711Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-47295 (GCVE-0-2024-47295)

Vulnerability from nvd – Published: 2024-10-01 03:16 – Updated: 2024-11-11 07:15
Summary
Insecure initial password configuration issue in SEIKO EPSON Web Config allows a remote unauthenticated attacker to set an arbitrary password and operate the device with an administrative privilege. As for the details of the affected versions, see the information provided by the vendor under [References].
CWE
  • CWE-1188 - Initialization of a resource with an insecure default
Assigner
Impacted products
Vendor Product Version
SEIKO EPSON CORPORATION Web Config Affected: See the information/details provided by the vendor

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:seiko_epson_corporation:web_config:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "web_config",
            "vendor": "seiko_epson_corporation",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.1,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-47295",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-01T14:01:15.326202Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-01T14:01:18.787Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Web Config",
          "vendor": "SEIKO EPSON CORPORATION",
          "versions": [
            {
              "status": "affected",
              "version": "See the information/details provided by the vendor"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Insecure initial password configuration issue in SEIKO EPSON Web Config allows a remote unauthenticated attacker to set an arbitrary password and operate the device with an administrative privilege. As for the details of the affected versions, see the information provided by the vendor under [References]."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1188",
              "description": "Initialization of a resource with an insecure default",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-11T07:15:21.646Z",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "url": "https://epson.com/Support/wa00958"
        },
        {
          "url": "https://www.epson.jp/support/misc_t/240930_03_oshirase.htm"
        },
        {
          "url": "https://jvn.jp/en/vu/JVNVU95133448/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2024-47295",
    "datePublished": "2024-10-01T03:16:40.052Z",
    "dateReserved": "2024-09-24T08:32:15.357Z",
    "dateUpdated": "2024-11-11T07:15:21.646Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-66635 (GCVE-0-2025-66635)

Vulnerability from cvelistv5 – Published: 2025-12-16 06:59 – Updated: 2025-12-22 02:27
Summary
Stack-based buffer overflow vulnerability exists in SEIKO EPSON Web Config. Specially crafted data input by a logged-in user may execute arbitrary code. As for the details of the affected products and versions, see the information provided by the vendor under [References].
CWE
  • CWE-121 - Stack-based buffer overflow
Assigner
Impacted products
Vendor Product Version
SEIKO EPSON CORPORATION Web Config Affected: See the information/details provided by the vendor

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-66635",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-12-16T21:32:37.175744Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-12-16T21:32:43.584Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Web Config",
          "vendor": "SEIKO EPSON CORPORATION",
          "versions": [
            {
              "status": "affected",
              "version": "See the information/details provided by the vendor"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Stack-based buffer overflow vulnerability exists in SEIKO EPSON Web Config. Specially crafted data input by a logged-in user may execute arbitrary code. As for the details of the affected products and versions, see the information provided by the vendor under [References]."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "Stack-based buffer overflow",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-22T02:27:45.711Z",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "url": "https://www.epson.jp/support/misc_t/251216_oshirase.htm"
        },
        {
          "url": "https://epson.com/Support/wa00971"
        },
        {
          "url": "https://jvn.jp/en/jp/JVN51846148/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2025-66635",
    "datePublished": "2025-12-16T06:59:25.611Z",
    "dateReserved": "2025-12-10T06:27:24.088Z",
    "dateUpdated": "2025-12-22T02:27:45.711Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-47295 (GCVE-0-2024-47295)

Vulnerability from cvelistv5 – Published: 2024-10-01 03:16 – Updated: 2024-11-11 07:15
Summary
Insecure initial password configuration issue in SEIKO EPSON Web Config allows a remote unauthenticated attacker to set an arbitrary password and operate the device with an administrative privilege. As for the details of the affected versions, see the information provided by the vendor under [References].
CWE
  • CWE-1188 - Initialization of a resource with an insecure default
Assigner
Impacted products
Vendor Product Version
SEIKO EPSON CORPORATION Web Config Affected: See the information/details provided by the vendor

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:seiko_epson_corporation:web_config:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "web_config",
            "vendor": "seiko_epson_corporation",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.1,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-47295",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-01T14:01:15.326202Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-01T14:01:18.787Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Web Config",
          "vendor": "SEIKO EPSON CORPORATION",
          "versions": [
            {
              "status": "affected",
              "version": "See the information/details provided by the vendor"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Insecure initial password configuration issue in SEIKO EPSON Web Config allows a remote unauthenticated attacker to set an arbitrary password and operate the device with an administrative privilege. As for the details of the affected versions, see the information provided by the vendor under [References]."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1188",
              "description": "Initialization of a resource with an insecure default",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-11T07:15:21.646Z",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "url": "https://epson.com/Support/wa00958"
        },
        {
          "url": "https://www.epson.jp/support/misc_t/240930_03_oshirase.htm"
        },
        {
          "url": "https://jvn.jp/en/vu/JVNVU95133448/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2024-47295",
    "datePublished": "2024-10-01T03:16:40.052Z",
    "dateReserved": "2024-09-24T08:32:15.357Z",
    "dateUpdated": "2024-11-11T07:15:21.646Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

JVNDB-2025-000117

Vulnerability from jvndb - Published: 2025-12-16 15:31 - Updated:2025-12-23 11:57
Summary
SEIKO EPSON printer Web Config vulnerable to stack-based buffer overflow
Details
Web Config is software installed on multiple SEIKO EPSON printers which allows users to check the status and change the settings via a web browser. Web Config contains the following vulnerability.
  • Stack-based buffer overflow (CWE-121) - CVE-2025-66635
Shogo Iyota of GMO Cybersecurity by Ierae, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
Impacted products

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-000117.html",
  "dc:date": "2025-12-23T11:57+09:00",
  "dcterms:issued": "2025-12-16T15:31+09:00",
  "dcterms:modified": "2025-12-23T11:57+09:00",
  "description": "Web Config is software installed on multiple SEIKO EPSON printers which allows users to check the status and change the settings via a web browser.\r\nWeb Config contains the following vulnerability.\u003cul\u003e\u003cli\u003eStack-based buffer overflow (CWE-121) - CVE-2025-66635\u003c/li\u003e\u003c/ul\u003eShogo Iyota of GMO Cybersecurity by Ierae, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-000117.html",
  "sec:cpe": {
    "#text": "cpe:/a:epson:web_config",
    "@product": "Web Config",
    "@vendor": "SEIKO EPSON CORPORATION",
    "@version": "2.2"
  },
  "sec:cvss": {
    "@score": "7.2",
    "@severity": "High",
    "@type": "Base",
    "@vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
    "@version": "3.0"
  },
  "sec:identifier": "JVNDB-2025-000117",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/jp/JVN51846148/index.html",
      "@id": "JVN#51846148",
      "@source": "JVN"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2025-66635",
      "@id": "CVE-2025-66635",
      "@source": "CVE"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-Other",
      "@title": "No Mapping(CWE-Other)"
    }
  ],
  "title": "SEIKO EPSON printer Web Config vulnerable to stack-based buffer overflow"
}

JVNDB-2024-009481

Vulnerability from jvndb - Published: 2024-10-01 14:14 - Updated:2024-11-12 10:25
Summary
Insecure initial password configuration issue in SEIKO EPSON Web Config
Details
Web Config is software that allows users to check the status and change the settings of SEIKO EPSON products, e.g., printers and scanners, via a web browser. In the initial setting no administrative password is set, and when a user connects the device and configures Web Config settings for the first time, the user is requested to set the password. Therefore, when a product is connected to a network without the Web Config settings configured, an attacker may set an arbitrary password and operate the device with administrative privileges (CWE-1188). George Puckett reported this vulnerability to CERT/CC. At the request of CERT/CC, JPCERT/CC coordinated with the developer.
Impacted products

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-009481.html",
  "dc:date": "2024-11-12T10:25+09:00",
  "dcterms:issued": "2024-10-01T14:14+09:00",
  "dcterms:modified": "2024-11-12T10:25+09:00",
  "description": "Web Config is software that allows users to check the status and change the settings of SEIKO EPSON products, e.g., printers and scanners, via a web browser. In the initial setting no administrative password is set, and when a user connects the device and configures Web Config settings for the first time, the user is requested to set the password.\r\nTherefore, when a product is connected to network without the Web Config settings configured, arbitrary password may be set and the device may be operated with an administrative privilege by an attacker (CWE-1188).\r\n\r\nGeorge Puckett reported this vulnerability to CERT/CC.\r\nRequested by CERT/CC, JPCERT/CC coordinated with the developer.",
  "link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-009481.html",
  "sec:cpe": {
    "#text": "cpe:/a:epson:web_config",
    "@product": "Web Config",
    "@vendor": "SEIKO EPSON CORPORATION",
    "@version": "2.2"
  },
  "sec:cvss": {
    "@score": "8.1",
    "@severity": "High",
    "@type": "Base",
    "@vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
    "@version": "3.0"
  },
  "sec:identifier": "JVNDB-2024-009481",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/vu/JVNVU95133448/index.html",
      "@id": "JVNVU#95133448",
      "@source": "JVN"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=\tCVE-2024-47295",
      "@id": "CVE-2024-47295",
      "@source": "CVE"
    },
    {
      "#text": "https://cwe.mitre.org/data/definitions/1188.html",
      "@id": "CWE-1188",
      "@title": "Insecure Default Initialization of Resource(CWE-1188)"
    }
  ],
  "title": "Insecure initial password configuration issue in SEIKO EPSON Web Config"
}

JVNDB-2023-000076

Vulnerability from jvndb - Published: 2023-08-02 14:55 - Updated:2024-04-19 17:27
Summary
SEIKO EPSON printer Web Config vulnerable to denial-of-service (DoS)
Details
SEIKO EPSON printer Web Config contains a denial-of-service (DoS) vulnerability due to improper input validation (CWE-20). SEIKO EPSON CORPORATION reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and SEIKO EPSON CORPORATION coordinated under the Information Security Early Warning Partnership.
Impacted products

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000076.html",
  "dc:date": "2024-04-19T17:27+09:00",
  "dcterms:issued": "2023-08-02T14:55+09:00",
  "dcterms:modified": "2024-04-19T17:27+09:00",
  "description": "SEIKO EPSON printer Web Config contains a denial-of-service (DoS) vulnerability due to improper input validation (CWE-20).\r\n\r\nSEIKO EPSON CORPORATION reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and SEIKO EPSON CORPORATION coordinated under the Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000076.html",
  "sec:cpe": {
    "#text": "cpe:/a:epson:web_config",
    "@product": "Web Config",
    "@vendor": "SEIKO EPSON CORPORATION",
    "@version": "2.2"
  },
  "sec:cvss": [
    {
      "@score": "7.8",
      "@severity": "High",
      "@type": "Base",
      "@vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
      "@version": "2.0"
    },
    {
      "@score": "7.5",
      "@severity": "High",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2023-000076",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN61337171/index.html",
      "@id": "JVN#61337171",
      "@source": "JVN"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2023-38556",
      "@id": "CVE-2023-38556",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-38556",
      "@id": "CVE-2023-38556",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-20",
      "@title": "Improper Input Validation(CWE-20)"
    }
  ],
  "title": "SEIKO EPSON printer Web Config vulnerable to denial-of-service (DoS)"
}

JVNDB-2023-000022

Vulnerability from jvndb - Published: 2023-03-08 15:09 - Updated:2024-06-03 17:36
Summary
Multiple vulnerabilities in SEIKO EPSON printers/network interface Web Config
Details
Web Config for printers/network interface provided by SEIKO EPSON CORPORATION contains multiple vulnerabilities listed below.
  • Stored cross-site scripting (CWE-79) - CVE-2023-23572
  • Cross-Site Request Forgery (CWE-352) - CVE-2023-27520
Takaya Noma, Yudai Morii, Hiroki Yasui, Takayuki Sasaki, and Katsunari Yoshioka of Yokohama National University reported these vulnerabilities to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
Impacted products

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000022.html",
      "dc:date": "2024-06-03T17:36+09:00",
      "dcterms:issued": "2023-03-08T15:09+09:00",
      "dcterms:modified": "2024-06-03T17:36+09:00",
      "description": "Web Config for printers/network interface provided by SEIKO EPSON CORPORATION contains multiple vulnerabilities listed below.\r\n\u003cli\u003eStored cross-site Scripting (CWE-79) - CVE-2023-23572\r\n\u003cli\u003eCross-Site Request Forgery (CWE-352) - CVE-2023-27520\r\n\r\nTakaya Noma, Yudai Morii, Hiroki Yasui, Takayuki Sasaki, and Katsunari Yoshioka of Yokohama National University reported these vulnerabilities to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000022.html",
      "sec:cpe": {
        "#text": "cpe:/a:epson:web_config",
        "@product": "Web Config",
        "@vendor": "SEIKO EPSON CORPORATION",
        "@version": "2.2"
      },
      "sec:cvss": [
        {
          "@score": "3.5",
          "@severity": "Low",
          "@type": "Base",
          "@vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "@version": "2.0"
        },
        {
          "@score": "4.8",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2023-000022",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN82424996/index.html",
          "@id": "JVN#82424996",
          "@source": "JVN"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2023-27520",
          "@id": "CVE-2023-27520",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2023-23572",
          "@id": "CVE-2023-23572",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-23572",
          "@id": "CVE-2023-23572",
          "@source": "NVD"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-27520",
          "@id": "CVE-2023-27520",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-352",
          "@title": "Cross-Site Request Forgery(CWE-352)"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-79",
          "@title": "Cross-site Scripting(CWE-79)"
        }
      ],
      "title": "Multiple vulnerabilities in SEIKO EPSON printers/network interface Web Config"
    }