Published:2026/07/07 Last Updated:2026/07/07
JVN#87285119
SEIKO EPSON printers and scanners Web Config vulnerable to cross-site request forgery
Overview
Web Config embedded in SEIKO EPSON multiple printers and scanners contains a cross-site request forgery vulnerability.
Products Affected
- Web Config
For more details, refer to the information provided by the developer.
Description
Web Config embedded in multiple printers and scanners provided by SEIKO EPSON CORPORATION contains the following vulnerability.
- Cross-site request forgery (CWE-352)
- CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N Base Score 5.1
- CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N Base Score 4.3
- CVE-2026-58315
Impact
If a user views a malicious page while logged into Web Config, unintended operations may be performed.
Solution
Apply workarounds
The developer recommends that users should apply workarounds when using the affected products.
For more details, refer to the information provided by the developer.
Vendor Status
| Vendor | Link |
| SEIKO EPSON CORPORATION | Vulnerability in Web Config for Printers and Scanners (Text in Japanese) |
| Security for printers and MFPs |
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Credit
Kentaro Ishii of GMO Cybersecurity by IERAE, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
Other Information
| JPCERT Alert |
|
| JPCERT Reports |
|
| CERT Advisory |
|
| CPNI Advisory |
|
| TRnotes |
|
| CVE |
CVE-2026-58315 |
| JVN iPedia |
JVNDB-2026-000096 |