Vulnerabilities > Epson
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-08-02 | CVE-2023-38556 | Unspecified vulnerability in Epson products Improper input validation vulnerability in SEIKO EPSON printer Web Config allows a remote attacker to turned off the printer. [Note] Web Config is the software that allows users to check the status and change the settings of SEIKO EPSON printers via a web browser. | 7.5 |
| 2023-04-11 | CVE-2023-23572 | Cross-site Scripting vulnerability in Epson products Cross-site scripting vulnerability in SEIKO EPSON printers/network interface Web Config allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script. | 4.8 |
| 2023-04-11 | CVE-2023-27520 | Cross-Site Request Forgery (CSRF) vulnerability in Epson products Cross-site request forgery (CSRF) vulnerability in SEIKO EPSON printers/network interface Web Config allows a remote unauthenticated attacker to hijack the authentication and perform unintended operations by having a logged-in user view a malicious page. | 6.5 |
| 2022-11-25 | CVE-2022-36133 | Unspecified vulnerability in Epson products The WebConfig functionality of Epson TM-C3500 and TM-C7500 devices with firmware version WAM31500 allows authentication bypass. | 9.1 |
| 2021-02-05 | CVE-2020-9453 | NULL Pointer Dereference vulnerability in Epson Iprojection 2.30 In Epson iProjection v2.30, the driver file EMP_MPAU.sys allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C402406 and IOCtl 0x9C40240A. | 5.5 |
| 2021-02-05 | CVE-2020-9014 | Unspecified vulnerability in Epson Iprojection 2.30 In Epson iProjection v2.30, the driver file (EMP_NSAU.sys) allows local users to cause a denial of service (BSOD) via crafted input to the virtual audio device driver with IOCTL 0x9C402402, 0x9C402406, or 0x9C40240A. | 5.5 |
| 2020-12-24 | CVE-2020-5681 | Uncontrolled Search Path Element vulnerability in Epson products Untrusted search path vulnerability in self-extracting files created by EpsonNet SetupManager versions 2.2.14 and earlier, and Offirio SynergyWare PrintDirector versions 1.6x/1.6y and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 9.3 |
| 2020-12-16 | CVE-2020-28931 | Cross-Site Request Forgery (CSRF) vulnerability in Epson EPS TSE Server 8 Firmware 21.0.11 Lack of an anti-CSRF token in the entire administrative interface in EPSON EPS TSE Server 8 (21.0.11) allows an unauthenticated attacker to force an administrator to execute external POST requests by visiting a malicious website. | 6.8 |
| 2020-12-16 | CVE-2020-28930 | Cross-site Scripting vulnerability in Epson EPS TSE Server 8 Firmware 21.0.11 A Cross-Site Scripting (XSS) issue in the 'update user' and 'delete user' functionalities in settings/users.php in EPSON EPS TSE Server 8 (21.0.11) allows an authenticated attacker to inject a JavaScript payload in the user management page that is executed by an administrator. | 3.5 |
| 2020-12-16 | CVE-2020-28929 | Insufficiently Protected Credentials vulnerability in Epson EPS TSE Server 8 Firmware 21.0.11 Unrestricted access to the log downloader functionality in EPSON EPS TSE Server 8 (21.0.11) allows an unauthenticated attacker to remotely retrieve administrative hashed credentials via the maintenance/troubleshoot.php?download=1 URI. | 7.5 |