JVNDB-2025-019621
|
EPSON WebConfig / Epson Web Control for SEIKO EPSON Projector Products do not restrict excessive authentication attempts
|
EPSON WebConfig / Epson Web Control for SEIKO EPSON Projector Products provided by SEIKO EPSON CORPORATION contain the following vulnerability.
- Improper restriction of excessive authentication attempts (CWE-307) - CVE-2025-64310
Vladislav Khegay and Aigerim Alibek of Astana IT University reported this vulnerability to SEIKO EPSON CORPORATION and coordinated. SEIKO EPSON CORPORATION and JPCERT/CC each published an advisory to notify users of this vulnerability.
|
CVSS V3 Severity: Base Metrics 9.8 (Critical) [Other]
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
|
A wide range of products are affected.
As for the details of affected product names and model numbers, refer to the information provided by the vendor in [Vendor Status].
|
SEIKO EPSON CORPORATION
|
|
An administrative user's password may be identified through a brute force attack.
|
[Update the firmware]
Update the firmware to the latest version according to the information provided by the developer.
[Apply the workaround]
The developer recommends applying the workaround for the affected products.
For more information, refer to the information provided by the developer.
|
SEIKO EPSON CORPORATION
|
- Improper Restriction of Excessive Authentication Attempts (CWE-307) [Other]
|
- CVE-2025-64310
|
- JVN : JVNVU#95021911
|
- [2025/11/21]
Web page was published
- [2025/12/24]
Overview was modified
Vendor Information : Content was modified
|