CVE-2025-64310
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
EPSON WebConfig and Epson Web Control for SEIKO EPSON Projector Products do not restrict excessive authentication attempts. An administrative user's password may be identified through a brute force attack.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| SEIKO EPSON CORPORATION | EPSON WebConfig for SEIKO EPSON Projector Products | see the information provided by the vendor | affected |
| SEIKO EPSON CORPORATION | Epson Web Control for SEIKO EPSON Projector Products | see the information provided by the vendor | affected |
Weaknesses
- CWE-307: Improper restriction of excessive authentication attempts
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: total
References
- https://www.epson.co.uk/en_GB/faq/KA-02041/contents?loc=en-us
- https://www.epson.jp/support/misc_t/251120_oshirase.htm
- https://jvn.jp/en/vu/JVNVU95021911/
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.