CVE-2024-47295

HIGH

SEIKO EPSON Web Config - RCE

Title source: llm

Description

Insecure initial password configuration issue in SEIKO EPSON Web Config allows a remote unauthenticated attacker to set an arbitrary password and operate the device with an administrative privilege. As for the details of the affected versions, see the information provided by the vendor under [References].

References (3)

[Various Sources] https://epson.com/Support/wa00958

[Various Sources] https://www.epson.jp/support/misc_t/240930_03_oshirase.htm

[Third Party Advisory] https://jvn.jp/en/vu/JVNVU95133448/

Scores

CVSS v3 8.1

EPSS 0.0127

EPSS Percentile 79.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-1188

Status published

Products (1)

SEIKO EPSON CORPORATION/Web Config See the information/details provided by the vendor

Published Oct 01, 2024

Tracked Since Feb 18, 2026