JVNDB-2024-009481 | |
Insecure initial password configuration issue in SEIKO EPSON Web Config | |
Overview | |
Web Config is software that allows users to check the status and change the settings of SEIKO EPSON products, e.g., printers and scanners, via a web browser. In the initial configuration, no administrative password is set, and when a user connects the device and configures Web Config for the first time, the user is asked to set the password. | |
CVSS Severity | |
CVSS V3 Severity:
Base Metrics 8.1 (High) [Other]
[Comment]
The attack scenario assumes that the target device is connected to a network and that Web Config has never been configured. AC (Attack Complexity) is evaluated as H (High) according to the CVSS 3.0 specification.
| |
Affected Products | |
| |
SEIKO EPSON CORPORATION | |
For information on the affected devices, please refer to the information (in Japanese) provided by the developer. | |
Impact | |
When the product is connected to a network without the Web Config settings having been configured, an attacker may set an arbitrary password and operate the product with administrative privileges. | |
Solution | |
[Apply the workaround] | |
Vendor Information | |
SEIKO EPSON CORPORATION | |
CWE | |
| |
CVE | |
| |
References | |
| |
Revision History | |
|
Date Public | 2024/09/30 |
Date First Published | 2024/10/01 |
Date Last Updated | 2024/11/12 |