[Japanese]

JVNDB-2026-000096

SEIKO EPSON printers and scanners Web Config vulnerable to cross-site request forgery

Overview

Web Config embedded in multiple printers and scanners provided by SEIKO EPSON CORPORATION contains the following vulnerability.
  • Cross-site request forgery (CWE-352) - CVE-2026-58315
Kentaro Ishii of GMO Cybersecurity by IERAE, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVSS Severity (What is CVSS?)

CVSS V3 Severity:
Base Metrics 4.3 (Medium) [IPA Score]
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Unchanged
  • Confidentiality Impact: None
  • Integrity Impact: Low
  • Availability Impact: None
CVSS v4 Severity
Base Metrics: 5.1 (Medium) [IPA Score]
  • Access Vector (AV): Network
  • Attack Complexity (AC): Low
  • Attack Requirements (AT): None
  • Privileges Required (PR): None
  • User Interaction (UI): Active
  • Vulnerable System Impact
  • Confidentiality Impact (VC): None
  • Integrity Impact (VI): Low
  • Availability Impact (VA): None
  • Subsequent System Impact
  • Confidentiality Impact (SC): None
  • Integrity Impact (SI): None
  • Availability Impact (SA): None
Affected Products


SEIKO EPSON CORPORATION
  • Web Config

A wide range of products are affected.
For more details, refer to the information provided by the developer.
Impact

If a user views a malicious page while logged into Web Config, unintended operations may be performed.
Solution

[Apply workarounds]
The developer recommends that users should apply workarounds when using the affected products.
For more details, refer to the information provided by the developer.
Vendor Information

SEIKO EPSON CORPORATION
CWE (What is CWE?)

  1. Cross-Site Request Forgery(CWE-352) [IPA Evaluation]
CVE (What is CVE?)

  1. CVE-2026-58315
References

  1. JVN : JVN#87285119
Revision History

  • [2026/07/07]
      Web page was published