CVE-2024-47295

Oct. 1, 2024, 2:35 p.m.

Received
CVE has been recently published to the CVE List and has been received by the NVD.

Products

SEIKO EPSON Web Config

Source

vultures@jpcert.or.jp

Tags

CVE-2024-47295 details

Published : Oct. 1, 2024, 4:15 a.m.
Last Modified : Oct. 1, 2024, 2:35 p.m.

Description

Insecure initial password configuration issue in SEIKO EPSON Web Config allows a remote unauthenticated attacker to set an arbitrary password and operate the device with an administrative privilege. As for the details of the affected versions, see the information provided by the vendor under [References].

CVSS Score

1 2 3 4 5 6 7 8.1 9 10

Weakness

Weakness Name Description
CWE-1188 Initialization of a Resource with an Insecure Default The product initializes or sets a resource with a default that is intended to be changed by the administrator, but the default is not secure.

CVSS Data

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

8.1

Exploitability Score

2.2

Impact Score

5.9

Base Severity

HIGH

References

URL Source
https://jvn.jp/en/vu/JVNVU95133448/ vultures@jpcert.or.jp
https://www.epson.jp/support/misc_t/240930_03_oshirase.htm vultures@jpcert.or.jp
This website uses the NVD API, but is not approved or certified by it.