SecuriTricks - CVE-2025-35970

Description

On multiple products of SEIKO EPSON and FUJIFILM Corporation, the initial administrator password is easy to guess from the information available via SNMP. If the administrator password is not changed from the initial one, a remote attacker with SNMP access can log in to the product with the administrator privilege.

Product(s) Impacted

Vendor	Product	Versions
Seiko Epson	*	*
Fuji Film	*	*

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-1391

Use of Weak Credentials

The product uses weak credentials (such as a default key or hard-coded password) that can be calculated, derived, reused, or guessed by an attacker.

*CPE(s)

Affected systems and software identified for this CVE.

Type	Vendor	Product	Version	Update	Edition	Language	Software Edition	Target Software	Target Hardware	Other Information
a	seiko_epson	/	/	/	/	/	/	/	/	/
a	fuji_film	/	/	/	/	/	/	/	/	/

References

https://global.fujifilm.com/en/news/hq/697e

https://jvn.jp/en/vu/JVNVU91363496/

https://www.epson.jp/support/misc_t/250807_oshirase.htm

CVSS Score

8.7 / 10

CVSS Data - 4.0

Attack Vector: NETWORK
Attack Complexity: LOW
Attack Requirements: NONE
Privileges Required: NONE
User Interaction: NONE
Scope:
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE
Exploit Maturity: NOT_DEFINED

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

View Vector String

Timeline

Published: Aug. 7, 2025, 6:15 a.m.
Last Modified: Aug. 7, 2025, 9:26 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

vultures@jpcert.or.jp

CVE-2025-35970