JVNVU#95021911
EPSON WebConfig / Epson Web Control for SEIKO EPSON Projector Products do not restrict excessive authentication attempts
Overview
EPSON WebConfig / Epson Web Control for SEIKO EPSON Projector Products provided by SEIKO EPSON CORPORATION do not restrict excessive authentication attempts.
Products Affected
A wide range of products are affected.
For details of the affected product names and model numbers, refer to the information provided by the vendor in [Vendor Status].
Description
EPSON WebConfig / Epson Web Control for SEIKO EPSON Projector Products provided by SEIKO EPSON CORPORATION contain the following vulnerability.
- Improper restriction of excessive authentication attempts (CWE-307)
- CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Base Score 9.3
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Base Score 9.8
- CVE-2025-64310
Impact
An administrative user's password may be identified through a brute force attack.
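Because the affected interfaces do not limit attempts themselves, repeated failures have to be spotted from outside the device. The following is an added example, not part of this advisory or of vendor material: a sliding-window detector over time-sorted authentication records. The record layout, the addresses, the thresholds and the use of HTTP 401/200 to mark failed and successful logins are all assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

DEVICE = "198.51.100.5"  # constructed address standing in for a projector's web interface

def build_sample():
    """Constructed records: (timestamp, client, device, HTTP status)."""
    base = datetime(2025, 1, 1, 9, 0, 0)
    # One client fails 12 times at 2-second intervals, then succeeds.
    rows = [(base + timedelta(seconds=2 * i), "192.0.2.10", DEVICE, 401) for i in range(12)]
    rows.append((base + timedelta(seconds=24), "192.0.2.10", DEVICE, 200))
    # Another client mistypes twice, 30 minutes apart: must not alert.
    rows.append((base + timedelta(seconds=5), "192.0.2.20", DEVICE, 401))
    rows.append((base + timedelta(minutes=30), "192.0.2.20", DEVICE, 401))
    return sorted(rows)

def detect_bruteforce(records, threshold=10, window=timedelta(seconds=60)):
    """Flag (client, device) pairs with >= threshold failures inside window.

    Assumes records are sorted by time and that 401 means a failed login
    and 200 a successful request (assumptions; adapt to the real log source).
    """
    recent = defaultdict(deque)   # failure timestamps still inside the window
    alerts = {}
    for ts, client, device, status in records:
        key = (client, device)
        if status == 401:
            q = recent[key]
            q.append(ts)
            while ts - q[0] > window:      # drop failures older than the window
                q.popleft()
            if len(q) >= threshold and key not in alerts:
                alerts[key] = {"first_alert": ts, "failures": len(q),
                               "success_after": False}
        elif status == 200 and key in alerts:
            # Success following a failure burst: treat the password as exposed.
            alerts[key]["success_after"] = True
    return alerts

if __name__ == "__main__":
    for (client, device), alert in detect_bruteforce(build_sample()).items():
        print(client, "->", device, alert)
```

An alert with `success_after` set is the case the Impact section describes and warrants changing the administrative password as well as applying the vendor's fix or workaround.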
Solution
Update the firmware
Update the firmware to the latest version according to the information provided by the developer.
Apply the workaround
The developer recommends applying the workaround for the affected products.
For more information, refer to the information provided by the developer.
Vendor Status
| Vendor | Link |
| SEIKO EPSON CORPORATION | Vulnerability in EPSON WebConfig / Epson Web Control for Projector Products (Text in Japanese) |
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Credit
SEIKO EPSON CORPORATION reported this vulnerability to JPCERT/CC to notify users of its solution through JVN.
Other Information
| JPCERT Alert | |
| JPCERT Reports | |
| CERT Advisory | |
| CPNI Advisory | |
| TRnotes | |
| CVE | CVE-2025-64310 |
| JVN iPedia | |