JVNDB-2025-019621

EPSON WebConfig / Epson Web Control for SEIKO EPSON Projector Products do not restrict excessive authentication attempts

Overview

EPSON WebConfig / Epson Web Control for SEIKO EPSON Projector Products provided by SEIKO EPSON CORPORATION contain the following vulnerability.
  • Improper restriction of excessive authentication attempts (CWE-307) - CVE-2025-64310
SEIKO EPSON CORPORATION reported this vulnerability to JPCERT/CC to notify users of its solution through JVN.

CVSS Severity

CVSS V3 Severity:
Base Metrics 9.8 (Critical) [Other]
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High

Affected Products

A wide range of products are affected.
For the affected product names and model numbers, refer to the information provided by the vendor in [Vendor Status].

SEIKO EPSON CORPORATION
  • (Multiple Products)

Impact

An administrative user's password may be identified through a brute force attack.

Solution

[Update the firmware]
Update the firmware to the latest version according to the information provided by the developer.

[Apply the workaround]
The developer recommends applying the workaround for the affected products.

For more information, refer to the information provided by the developer.

Vendor Information

SEIKO EPSON CORPORATION

CWE

  1. Improper Restriction of Excessive Authentication Attempts (CWE-307) [Other]

CVE

  1. CVE-2025-64310

References

  1. JVN : JVNVU#95021911

Revision History

  • [2025/11/21]
      Web page was published