CVE-2024-47295

Summary

Insecure initial password configuration issue in SEIKO EPSON Web Config allows a remote unauthenticated attacker to set an arbitrary password and operate the device with an administrative privilege. As for the details of the affected versions, see the information provided by the vendor under [References].

Affected Software

VendorProductVersion RangeStatus
SEIKO EPSON CORPORATIONWeb ConfigSee the information/details provided by the vendoraffected

Weaknesses

  • CWE-1188: Initialization of a resource with an insecure default

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References