CVE-2024-47295

Published Oct 1, 2024

Last updated 6 days ago

Overview

Description: Insecure initial password configuration issue in SEIKO EPSON Web Config allows a remote unauthenticated attacker to set an arbitrary password and operate the device with an administrative privilege. As for the details of the affected versions, see the information provided by the vendor under [References].
Source: vultures@jpcert.or.jp
NVD status: Awaiting Analysis

Risk scores

CVSS 3.1

Type: Secondary
Base score: 8.1
Impact score: 5.9
Exploitability score: 2.2
Vector string: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

CVSS 3.0

Type: Secondary
Base score: 8.1
Impact score: 5.9
Exploitability score: 2.2
Vector string: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

Weaknesses

vultures@jpcert.or.jp: CWE-1188

Hype score: Not currently trending

CVE-2024-47295 (Published: 2024-11-07) - High severity vulnerability in Epson products. Affects multiple versions. Users are urged to apply the latest security updates to mitigate risks. For detailed remediation steps, visit: https://t.co/EQttMJm8Kn #CyberSecurity #Epson #CVE
@transilienceai
10 Nov 2024
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes

References