CVE-2024-47295 HIGH

CVE-2024-47295

Vendor Seiko Epson Corporation
Product Web Config
Weakness CWE-1188
Published October 1, 2024
Last update November 11, 2024

CVSS base score

8.1/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

Insecure initial password configuration issue in SEIKO EPSON Web Config allows a remote unauthenticated attacker to set an arbitrary password and operate the device with an administrative privilege. As for the details of the affected versions, see the information provided by the vendor under [References].

Key dates

02Disclosure timeline

October 1, 2024 CVE published
November 11, 2024 Record updated