CVE-2024-47295 Vulnerability Details

  /     /     /  

CVE-2024-47295 Metadata Quick Info

CVE Published: 01/10/2024 | CVE Updated: 11/11/2024 | CVE Year: 2024
Source: jpcert | Vendor: SEIKO EPSON CORPORATION | Product: Web Config
Status : PUBLISHED

---

CVE-2024-47295 Description

Insecure initial password configuration issue in SEIKO EPSON Web Config allows a remote unauthenticated attacker to set an arbitrary password and operate the device with an administrative privilege. As for the details of the affected versions, see the information provided by the vendor under [References].

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-1188
CWE Name: Initialization of a resource with an insecure default
Source: SEIKO EPSON CORPORATION

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).