JVNVU#95021911
EPSON WebConfig / Epson Web Control for SEIKO EPSON Projector Products do not restrict excessive authentication attempts
Overview
EPSON WebConfig / Epson Web Control for SEIKO EPSON Projector Products provided by SEIKO EPSON CORPORATION do not restrict excessive authentication attempts.
Products Affected
A wide range of products are affected.
For the affected product names and model numbers, refer to the information provided by the vendor in [Vendor Status].
Description
EPSON WebConfig / Epson Web Control for SEIKO EPSON Projector Products provided by SEIKO EPSON CORPORATION contain the following vulnerability.
- Improper restriction of excessive authentication attempts (CWE-307)
  - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Base Score 9.3
  - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Base Score 9.8
  - CVE-2025-64310
Impact
An administrative user's password may be identified through a brute force attack.
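The control that CWE-307 describes as missing, shown as an added Python example; it is not code from the advisory or from SEIKO EPSON CORPORATION. The names `AttemptLimiter` and `check_login`, the thresholds, and the plain-text password comparison (a real service compares password hashes) are assumptions made for illustration.

```python
# Added illustration: AttemptLimiter and check_login are hypothetical names,
# not vendor code. Thresholds are assumed values.
import hmac
import time


class AttemptLimiter:
    """Failed-login limiter with exponential lockout, keyed per client.

    The key is an assumption: account name plus source address. Keying on the
    account alone lets anyone lock the administrator out; keying on the
    address alone is bypassed by spreading guesses across addresses.
    """

    def __init__(self, max_failures=5, base_lock=30.0, max_lock=3600.0,
                 clock=time.monotonic):
        self.max_failures = max_failures
        self.base_lock = base_lock
        self.max_lock = max_lock
        self.clock = clock
        self._state = {}  # key -> (failure_count, locked_until)

    def retry_after(self, key):
        """Seconds the key must still wait; 0.0 means an attempt is allowed."""
        _, locked_until = self._state.get(key, (0, 0.0))
        return max(0.0, locked_until - self.clock())

    def record(self, key, success):
        """Update state after a password check that was actually performed."""
        if success:
            self._state.pop(key, None)
            return
        failures = self._state.get(key, (0, 0.0))[0] + 1
        locked_until = 0.0
        over = failures - self.max_failures
        if over >= 0:  # lock doubles with each failure past the threshold
            lock = min(self.base_lock * 2 ** min(over, 16), self.max_lock)
            locked_until = self.clock() + lock
        self._state[key] = (failures, locked_until)


def check_login(limiter, key, supplied, expected):
    """Return (authenticated, retry_after_seconds).

    A locked key is refused before the password is compared, so a correct
    guess made during a lockout gives the client no signal.
    """
    wait = limiter.retry_after(key)
    if wait > 0:
        return False, wait
    ok = hmac.compare_digest(supplied.encode(), expected.encode())
    limiter.record(key, ok)
    return ok, limiter.retry_after(key)
```

With these assumed defaults, a client sending one guess per second for 100 seconds has only 7 guesses compared against the password; the rest are refused while the key is locked.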
Solution
Update the firmware
Update the firmware to the latest version according to the information provided by the developer.
Apply the workaround
The developer recommends applying the workaround for the affected products.
For more information, refer to the information provided by the developer.
Vendor Status
| Vendor | Link |
| SEIKO EPSON CORPORATION | Vulnerability in EPSON WebConfig / Epson Web Control for Projector Products |
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Credit
Vladislav Khegay and Aigerim Alibek of Astana IT University reported this vulnerability to SEIKO EPSON CORPORATION and coordinated with them. SEIKO EPSON CORPORATION and JPCERT/CC published their respective advisories to notify users of this vulnerability.
Other Information
| JPCERT Alert | |
| JPCERT Reports | |
| CERT Advisory | |
| CPNI Advisory | |
| TRnotes | |
| CVE | CVE-2025-64310 |
| JVN iPedia | |
Update History
- 2025/12/23
  - Information under the sections [Vendor Status] and [Credit] was updated