Published:2026/07/07  Last Updated:2026/07/07

JVN#87285119
SEIKO EPSON printers and scanners Web Config vulnerable to cross-site request forgery

Overview

Web Config embedded in SEIKO EPSON multiple printers and scanners contains a cross-site request forgery vulnerability.

Products Affected

  • Web Config
A wide range of products are affected.
For more details, refer to the information provided by the developer.

Description

Web Config embedded in multiple printers and scanners provided by SEIKO EPSON CORPORATION contains the following vulnerability.

  • Cross-site request forgery (CWE-352)
    • CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N Base Score 5.1
    • CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N Base Score 4.3
    • CVE-2026-58315

Impact

If a user views a malicious page while logged into Web Config, unintended operations may be performed.

Solution

Apply workarounds
The developer recommends that users should apply workarounds when using the affected products.
For more details, refer to the information provided by the developer.

References

JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

Credit

Kentaro Ishii of GMO Cybersecurity by IERAE, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

Other Information

JPCERT Alert
JPCERT Reports
CERT Advisory
CPNI Advisory
TRnotes
CVE CVE-2026-58315
JVN iPedia JVNDB-2026-000096