Vulnerabilities > Epson
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-11-25 | CVE-2022-36133 | Improper Authentication vulnerability in Epson products The WebConfig functionality of Epson TM-C3500 and TM-C7500 devices with firmware version WAM31500 allows authentication bypass. | 9.1 |
| 2021-02-05 | CVE-2020-9453 | NULL Pointer Dereference vulnerability in Epson Iprojection 2.30 In Epson iProjection v2.30, the driver file EMP_MPAU.sys allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C402406 and IOCtl 0x9C40240A. | 5.5 |
| 2021-02-05 | CVE-2020-9014 | Unspecified vulnerability in Epson Iprojection 2.30 In Epson iProjection v2.30, the driver file (EMP_NSAU.sys) allows local users to cause a denial of service (BSOD) via crafted input to the virtual audio device driver with IOCTL 0x9C402402, 0x9C402406, or 0x9C40240A. | 5.5 |
| 2020-12-24 | CVE-2020-5681 | Uncontrolled Search Path Element vulnerability in Epson products Untrusted search path vulnerability in self-extracting files created by EpsonNet SetupManager versions 2.2.14 and earlier, and Offirio SynergyWare PrintDirector versions 1.6x/1.6y and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 9.3 |
| 2020-12-16 | CVE-2020-28931 | Cross-Site Request Forgery (CSRF) vulnerability in Epson EPS TSE Server 8 Firmware 21.0.11 Lack of an anti-CSRF token in the entire administrative interface in EPSON EPS TSE Server 8 (21.0.11) allows an unauthenticated attacker to force an administrator to execute external POST requests by visiting a malicious website. | 6.8 |
| 2020-12-16 | CVE-2020-28930 | Cross-site Scripting vulnerability in Epson EPS TSE Server 8 Firmware 21.0.11 A Cross-Site Scripting (XSS) issue in the 'update user' and 'delete user' functionalities in settings/users.php in EPSON EPS TSE Server 8 (21.0.11) allows an authenticated attacker to inject a JavaScript payload in the user management page that is executed by an administrator. | 3.5 |
| 2020-12-16 | CVE-2020-28929 | Insufficiently Protected Credentials vulnerability in Epson EPS TSE Server 8 Firmware 21.0.11 Unrestricted access to the log downloader functionality in EPSON EPS TSE Server 8 (21.0.11) allows an unauthenticated attacker to remotely retrieve administrative hashed credentials via the maintenance/troubleshoot.php?download=1 URI. | 7.5 |
| 2020-11-24 | CVE-2020-5674 | Untrusted Search Path vulnerability in Epson products Untrusted search path vulnerability in the installers of multiple SEIKO EPSON products allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 4.4 |
| 2020-06-08 | CVE-2020-12695 | Incorrect Default Permissions vulnerability in multiple products The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue. | 7.5 |
| 2020-05-22 | CVE-2020-6091 | Improper Authentication vulnerability in Epson Eb-1470Ui Firmware An exploitable authentication bypass vulnerability exists in the ESPON Web Control functionality of Epson EB-1470Ui MAIN: 98009273ESWWV107 MAIN2: 8X7325WWV303. | 6.4 |