CVE-2025-35970

HIGH

SEIKO EPSON/FUJIFILM - Info Disclosure

Title source: llm

Description

On multiple products of SEIKO EPSON and FUJIFILM Corporation, the initial administrator password is easy to guess from the information available via SNMP. If the administrator password is not changed from the initial one, a remote attacker with SNMP access can log in to the product with the administrator privilege.

References (3)

[Various Sources] https://global.fujifilm.com/en/news/hq/697e

[Various Sources] https://www.epson.jp/support/misc_t/250807_oshirase.htm

[Third Party Advisory] https://jvn.jp/en/vu/JVNVU91363496/

Scores

CVSS v3 7.5

EPSS 0.0009

EPSS Percentile 24.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-1391

Status published

Products (2)

FUJIFILM Corporation/FRONTIER DX400W all versions

SEIKO EPSON/Multiple EPSON product see the information provided by the vendor

Published Aug 07, 2025

Tracked Since Feb 18, 2026