Vulnerabilities > Epson

DATE CVE VULNERABILITY TITLE RISK
2022-11-25 CVE-2022-36133 Improper Authentication vulnerability in Epson products
The WebConfig functionality of Epson TM-C3500 and TM-C7500 devices with firmware version WAM31500 allows authentication bypass.
network
low complexity
epson CWE-287
critical
9.1
2021-02-05 CVE-2020-9453 NULL Pointer Dereference vulnerability in Epson Iprojection 2.30
In Epson iProjection v2.30, the driver file EMP_MPAU.sys allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C402406 and IOCtl 0x9C40240A.
local
low complexity
epson CWE-476
5.5
2021-02-05 CVE-2020-9014 Unspecified vulnerability in Epson Iprojection 2.30
In Epson iProjection v2.30, the driver file (EMP_NSAU.sys) allows local users to cause a denial of service (BSOD) via crafted input to the virtual audio device driver with IOCTL 0x9C402402, 0x9C402406, or 0x9C40240A.
local
low complexity
epson
5.5
2020-12-24 CVE-2020-5681 Uncontrolled Search Path Element vulnerability in Epson products
Untrusted search path vulnerability in self-extracting files created by EpsonNet SetupManager versions 2.2.14 and earlier, and Offirio SynergyWare PrintDirector versions 1.6x/1.6y and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
network
epson CWE-427
critical
9.3
2020-12-16 CVE-2020-28931 Cross-Site Request Forgery (CSRF) vulnerability in Epson EPS TSE Server 8 Firmware 21.0.11
Lack of an anti-CSRF token in the entire administrative interface in EPSON EPS TSE Server 8 (21.0.11) allows an unauthenticated attacker to force an administrator to execute external POST requests by visiting a malicious website.
network
epson CWE-352
6.8
2020-12-16 CVE-2020-28930 Cross-site Scripting vulnerability in Epson EPS TSE Server 8 Firmware 21.0.11
A Cross-Site Scripting (XSS) issue in the 'update user' and 'delete user' functionalities in settings/users.php in EPSON EPS TSE Server 8 (21.0.11) allows an authenticated attacker to inject a JavaScript payload in the user management page that is executed by an administrator.
network
epson CWE-79
3.5
2020-12-16 CVE-2020-28929 Insufficiently Protected Credentials vulnerability in Epson EPS TSE Server 8 Firmware 21.0.11
Unrestricted access to the log downloader functionality in EPSON EPS TSE Server 8 (21.0.11) allows an unauthenticated attacker to remotely retrieve administrative hashed credentials via the maintenance/troubleshoot.php?download=1 URI.
network
low complexity
epson CWE-522
7.5
2020-11-24 CVE-2020-5674 Untrusted Search Path vulnerability in Epson products
Untrusted search path vulnerability in the installers of multiple SEIKO EPSON products allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
local
epson CWE-426
4.4
2020-06-08 CVE-2020-12695 Incorrect Default Permissions vulnerability in multiple products
The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue.
7.5
2020-05-22 CVE-2020-6091 Improper Authentication vulnerability in Epson Eb-1470Ui Firmware
An exploitable authentication bypass vulnerability exists in the ESPON Web Control functionality of Epson EB-1470Ui MAIN: 98009273ESWWV107 MAIN2: 8X7325WWV303.
network
low complexity
epson CWE-287
6.4