Products
SEIKO EPSON Web Config
Source
vultures@jpcert.or.jp
Tags
CVE-2024-47295 details
Published : Oct. 1, 2024, 4:15 a.m.
Last Modified : Oct. 1, 2024, 2:35 p.m.
Last Modified : Oct. 1, 2024, 2:35 p.m.
Description
Insecure initial password configuration issue in SEIKO EPSON Web Config allows a remote unauthenticated attacker to set an arbitrary password and operate the device with an administrative privilege. As for the details of the affected versions, see the information provided by the vendor under [References].
CVSS Score
| 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8.1 | 9 | 10 |
|---|
Weakness
| Weakness | Name | Description |
|---|---|---|
| CWE-1188 | Initialization of a Resource with an Insecure Default | The product initializes or sets a resource with a default that is intended to be changed by the administrator, but the default is not secure. |
CVSS Data
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
8.1
Exploitability Score
2.2
Impact Score
5.9
Base Severity
HIGH
Vector String : CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
References
| URL | Source |
|---|---|
| https://jvn.jp/en/vu/JVNVU95133448/ | vultures@jpcert.or.jp |
| https://www.epson.jp/support/misc_t/240930_03_oshirase.htm | vultures@jpcert.or.jp |
This website uses the NVD API, but is not approved or certified by it.