CVE-2024-47295

EUVD-2024-42332
Insecure initial password configuration issue in SEIKO EPSON Web Config allows a remote unauthenticated attacker to set an arbitrary password and operate the device with an administrative privilege. As for the details of the affected versions, see the information provided by the vendor under [References].
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.1 HIGH
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 79%
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
seiko_epson_corporationweb_config
𝑥
< *
ADP
Common Weakness Enumeration
References
https://epson.com/Support/wa00958
https://jvn.jp/en/vu/JVNVU95133448/
https://www.epson.jp/support/misc_t/240930_03_oshirase.htm