Published: 2025/08/07 Last Updated: 2025/08/07
JVNVU#91363496
Multiple SEIKO EPSON products use weak initial passwords
Overview
Multiple SEIKO EPSON products use weak initial passwords.
Products Affected
A wide range of products are affected.
For details of affected product names and model numbers, refer to the information provided by the respective vendors under [Vendor Status].
Description
Multiple SEIKO EPSON products contain the following vulnerability.
- Use of weak credentials (CWE-1391)
  - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N Base Score 8.7
  - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Base Score 7.5
  - CVE-2025-35970
  - The initial administrator password is easy to guess from the information available via SNMP
Impact
If the administrator password has not been changed from the initial one, a remote attacker with SNMP access can log in to the product with administrator privileges.
Solution
Apply the Workaround
Apply the following workarounds to mitigate the impact of this vulnerability.
- Change the administrator password, and manage it appropriately
- Connect the product to a firewall-protected network
- Connect the product to a network with a private IP address
Vendor Status
Vendor | Status | Last Update | Vendor Notes |
---|---|---|---|
FUJIFILM Corporation | Vulnerable | 2025/08/07 | FUJIFILM Corporation website |
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Credit
SEIKO EPSON CORPORATION reported this vulnerability to JPCERT/CC to notify users of its solution through JVN.
Other Information
CVE | CVE-2025-35970 |