JVN#51846148
SEIKO EPSON printer Web Config vulnerable to stack-based buffer overflow
Overview
SEIKO EPSON printer Web Config contains a stack-based buffer overflow vulnerability.
Products Affected
- Web Config
For more details, refer to the information provided by the developer.
Description
Web Config is software installed on multiple SEIKO EPSON printers which allows users to check the status and change the settings via a web browser.
Web Config contains the following vulnerability.
- Stack-based buffer overflow (CWE-121)
- CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Base Score 8.6
- CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Base Score 7.2
- CVE-2025-66635
Impact
Specially crafted data input by a logged-in user may result in arbitrary code execution.
Solution
Update the firmware
Update the firmware to the latest version according to the information provided by the developer.
Apply workarounds
The developer strongly recommends that users apply workarounds when using affected products for which no updates are available.
For more details, refer to the information provided by the developer.
Vendor Status
| Vendor | Link |
| SEIKO EPSON CORPORATION | Command execution vulnerability in Epson Web Config (Text in Japanese) |
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Credit
Shogo Iyota of GMO Cybersecurity by Ierae, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
Other Information
| JPCERT Alert | |
| JPCERT Reports | |
| CERT Advisory | |
| CPNI Advisory | |
| TRnotes | |
| CVE | CVE-2025-66635 |
| JVN iPedia | JVNDB-2025-000117 |