Epson
Products by Epson Sorted by Most Security Vulnerabilities since 2018
By the Year
In 2022 there have been 0 vulnerabilities in Epson . Last year Epson had 2 security vulnerabilities published. Right now, Epson is on track to have less security vulnerabilities in 2022 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2022 | 0 | 0.00 |
| 2021 | 2 | 5.50 |
| 2020 | 2 | 7.65 |
| 2019 | 0 | 0.00 |
| 2018 | 3 | 7.03 |
It may take a day or so for new Epson vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Epson Security Vulnerabilities
In Epson iProjection v2.30, the driver file EMP_MPAU.sys
CVE-2020-9453
5.5 - Medium
- February 05, 2021
In Epson iProjection v2.30, the driver file EMP_MPAU.sys allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C402406 and IOCtl 0x9C40240A. (0x9C402402 has only a NULL pointer dereference.) This affects \Device\EMPMPAUIO and \DosDevices\EMPMPAU.
NULL Pointer Dereference
In Epson iProjection v2.30, the driver file (EMP_NSAU.sys)
CVE-2020-9014
5.5 - Medium
- February 05, 2021
In Epson iProjection v2.30, the driver file (EMP_NSAU.sys) allows local users to cause a denial of service (BSOD) via crafted input to the virtual audio device driver with IOCTL 0x9C402402, 0x9C402406, or 0x9C40240A. \Device\EMPNSAUIO and \DosDevices\EMPNSAU are similarly affected.
Untrusted search path vulnerability in the installers of multiple SEIKO EPSON products
CVE-2020-5674
7.8 - High
- November 24, 2020
Untrusted search path vulnerability in the installers of multiple SEIKO EPSON products allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
Untrusted Path
The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL
CVE-2020-12695
7.5 - High
- June 08, 2020
The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue.
Incorrect Default Permissions
The EPSON iPrint application 6.6.3 for Android contains hard-coded API and Secret keys for the Dropbox
CVE-2018-14901
7.5 - High
- August 30, 2018
The EPSON iPrint application 6.6.3 for Android contains hard-coded API and Secret keys for the Dropbox, Box, Evernote and OneDrive services.
Use of Hard-coded Credentials
The ContentProvider in the EPSON iPrint application 6.6.3 for Android does not properly restrict data access
CVE-2018-14902
7.5 - High
- August 30, 2018
The ContentProvider in the EPSON iPrint application 6.6.3 for Android does not properly restrict data access. This allows an attacker's application to read scanned documents.
Information Disclosure
Versions of Epson AirPrint released prior to January 19, 2018 contain a reflective cross-site scripting (XSS) vulnerability, which can
CVE-2018-5550
6.1 - Medium
- February 08, 2018
Versions of Epson AirPrint released prior to January 19, 2018 contain a reflective cross-site scripting (XSS) vulnerability, which can allow untrusted users on the network to hijack a session cookie or perform other reflected XSS attacks on a currently logged-on user.
XSS