Vulnerabilities > Epson

DATE CVE VULNERABILITY TITLE RISK
2023-08-02 CVE-2023-38556 Unspecified vulnerability in Epson products
Improper input validation vulnerability in SEIKO EPSON printer Web Config allows a remote attacker to turned off the printer. [Note] Web Config is the software that allows users to check the status and change the settings of SEIKO EPSON printers via a web browser.
network
low complexity
epson
7.5
2023-04-11 CVE-2023-23572 Cross-site Scripting vulnerability in Epson products
Cross-site scripting vulnerability in SEIKO EPSON printers/network interface Web Config allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script.
network
low complexity
epson CWE-79
4.8
2023-04-11 CVE-2023-27520 Cross-Site Request Forgery (CSRF) vulnerability in Epson products
Cross-site request forgery (CSRF) vulnerability in SEIKO EPSON printers/network interface Web Config allows a remote unauthenticated attacker to hijack the authentication and perform unintended operations by having a logged-in user view a malicious page.
network
low complexity
epson CWE-352
6.5
2022-11-25 CVE-2022-36133 Unspecified vulnerability in Epson products
The WebConfig functionality of Epson TM-C3500 and TM-C7500 devices with firmware version WAM31500 allows authentication bypass.
network
low complexity
epson
critical
9.1
2021-02-05 CVE-2020-9453 NULL Pointer Dereference vulnerability in Epson Iprojection 2.30
In Epson iProjection v2.30, the driver file EMP_MPAU.sys allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C402406 and IOCtl 0x9C40240A.
local
low complexity
epson CWE-476
5.5
2021-02-05 CVE-2020-9014 Unspecified vulnerability in Epson Iprojection 2.30
In Epson iProjection v2.30, the driver file (EMP_NSAU.sys) allows local users to cause a denial of service (BSOD) via crafted input to the virtual audio device driver with IOCTL 0x9C402402, 0x9C402406, or 0x9C40240A.
local
low complexity
epson
5.5
2020-12-24 CVE-2020-5681 Uncontrolled Search Path Element vulnerability in Epson products
Untrusted search path vulnerability in self-extracting files created by EpsonNet SetupManager versions 2.2.14 and earlier, and Offirio SynergyWare PrintDirector versions 1.6x/1.6y and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
local
low complexity
epson CWE-427
7.8
2020-12-16 CVE-2020-28931 Cross-Site Request Forgery (CSRF) vulnerability in Epson EPS TSE Server 8 Firmware 21.0.11
Lack of an anti-CSRF token in the entire administrative interface in EPSON EPS TSE Server 8 (21.0.11) allows an unauthenticated attacker to force an administrator to execute external POST requests by visiting a malicious website.
network
low complexity
epson CWE-352
8.8
2020-12-16 CVE-2020-28930 Cross-site Scripting vulnerability in Epson EPS TSE Server 8 Firmware 21.0.11
A Cross-Site Scripting (XSS) issue in the 'update user' and 'delete user' functionalities in settings/users.php in EPSON EPS TSE Server 8 (21.0.11) allows an authenticated attacker to inject a JavaScript payload in the user management page that is executed by an administrator.
network
low complexity
epson CWE-79
5.4
2020-12-16 CVE-2020-28929 Missing Authentication for Critical Function vulnerability in Epson EPS TSE Server 8 Firmware 21.0.11
Unrestricted access to the log downloader functionality in EPSON EPS TSE Server 8 (21.0.11) allows an unauthenticated attacker to remotely retrieve administrative hashed credentials via the maintenance/troubleshoot.php?download=1 URI.
network
low complexity
epson CWE-306
critical
9.8