Vulnerabilities > Epson
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-08-30 | CVE-2018-14902 | Information Exposure vulnerability in Epson Iprint 6.6.3 The ContentProvider in the EPSON iPrint application 6.6.3 for Android does not properly restrict data access. | 5.0 |
| 2018-08-30 | CVE-2018-14901 | Use of Hard-coded Credentials vulnerability in Epson Iprint 6.6.3 The EPSON iPrint application 6.6.3 for Android contains hard-coded API and Secret keys for the Dropbox, Box, Evernote and OneDrive services. | 5.0 |
| 2018-08-30 | CVE-2018-14900 | Channel and Path Errors vulnerability in Epson Wf-2750 Firmware Jp02L2 On EPSON WF-2750 printers with firmware JP02I2, there is no filtering of print jobs. | 5.0 |
| 2018-08-30 | CVE-2018-14899 | Cross-site Scripting vulnerability in Epson Wf-2750 Firmware Jp02L2 On the EPSON WF-2750 printer with firmware JP02I2, the Web interface AirPrint Setup page is vulnerable to HTML Injection that can redirect users to malicious sites. | 4.3 |
| 2018-02-08 | CVE-2018-5550 | Cross-site Scripting vulnerability in Epson Airprint Versions of Epson AirPrint released prior to January 19, 2018 contain a reflective cross-site scripting (XSS) vulnerability, which can allow untrusted users on the network to hijack a session cookie or perform other reflected XSS attacks on a currently logged-on user. | 4.3 |
| 2017-10-10 | CVE-2017-12861 | Weak Password Requirements vulnerability in Epson Easymp 2.86 The Epson "EasyMP" software is designed to remotely stream a users computer to supporting projectors.These devices are authenticated using a unique 4-digit code, displayed on-screen - ensuring only those who can view it are streaming.All Epson projectors supporting the "EasyMP" software are vulnerable to a brute-force vulnerability, allowing any attacker on the network to remotely control and stream to the vulnerable device | 7.5 |
| 2017-10-10 | CVE-2017-12860 | Use of Hard-coded Credentials vulnerability in Epson Easymp 2.86 The Epson "EasyMP" software is designed to remotely stream a users computer to supporting projectors.These devices are authenticated using a unique 4-digit code, displayed on-screen - ensuring only those who can view it are streaming.In addition to the password, each projector has a hardcoded "backdoor" code (2270), which authenticates to all devices. | 5.0 |
| 2017-03-15 | CVE-2017-6443 | Cross-site Scripting vulnerability in Epson Tmnet Webconfig 1.00 Cross-site scripting (XSS) vulnerability in EPSON TMNet WebConfig 1.00 allows remote attackers to inject arbitrary web script or HTML via the W_AD1 parameter to Forms/oadmin_1. | 4.3 |
| 2015-10-28 | CVE-2015-6034 | Permissions, Privileges, and Access Controls vulnerability in Epson Network Utility 4.10 EPSON Network Utility 4.10 uses weak permissions (Everyone: Full Control) for eEBSVC.exe, which allows local users to gain privileges via a Trojan horse file. | 6.9 |
| 2010-12-08 | CVE-2010-3920 | Permissions, Privileges, and Access Controls vulnerability in Epson products The Seiko Epson printer driver installers for LP-S9000 before 4.1.11 and LP-S7100 before 4.1.7, or as downloaded from the vendor between May 2010 and 20101125, set weak permissions for the "C:\Program Files" folder, which might allow local users to bypass intended access restrictions and create or modify arbitrary files and directories. | 4.6 |