Epson


Products by Epson Sorted by Most Security Vulnerabilities since 2018

Epson Xp255: 1 vulnerability

By the Year

In 2025 there have been 0 vulnerabilities in Epson. Last year, in 2024, Epson had 1 security vulnerability published. Right now, Epson is on track to have fewer security vulnerabilities in 2025 than it did last year.




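| Year | Vulnerabilities | Average Score |
|------|-----------------|---------------|
| 2025 | 0 | 0.00 |
| 2024 | 1 | 0.00 |
| 2023 | 0 | 0.00 |
| 2022 | 0 | 0.00 |
| 2021 | 2 | 5.50 |
| 2020 | 2 | 7.65 |
| 2019 | 0 | 0.00 |
| 2018 | 3 | 7.03 |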

It may take a day or so for new Epson vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Epson Security Vulnerabilities

Epson XP255 CSRF Print Spoofing

CVE-2019-20460 - November 07, 2024

An issue was discovered on Epson Expression Home XP255 20.08.FM10I8 devices. POST requests don't require (anti-)CSRF tokens or other mechanisms for validating that the request is from a legitimate source. In addition, CSRF attacks can be used to send text directly to the RAW printer interface. For example, an attack could deliver a worrisome printout to an end user.

In Epson iProjection v2.30, the driver file EMP_MPAU.sys

CVE-2020-9453 5.5 - Medium - February 05, 2021

In Epson iProjection v2.30, the driver file EMP_MPAU.sys allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C402406 and IOCtl 0x9C40240A. (0x9C402402 has only a NULL pointer dereference.) This affects \Device\EMPMPAUIO and \DosDevices\EMPMPAU.

NULL Pointer Dereference

In Epson iProjection v2.30, the driver file (EMP_NSAU.sys)

CVE-2020-9014 5.5 - Medium - February 05, 2021

In Epson iProjection v2.30, the driver file (EMP_NSAU.sys) allows local users to cause a denial of service (BSOD) via crafted input to the virtual audio device driver with IOCTL 0x9C402402, 0x9C402406, or 0x9C40240A. \Device\EMPNSAUIO and \DosDevices\EMPNSAU are similarly affected.

Untrusted search path vulnerability in the installers of multiple SEIKO EPSON products

CVE-2020-5674 7.8 - High - November 24, 2020

Untrusted search path vulnerability in the installers of multiple SEIKO EPSON products allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

Untrusted Path

The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL

CVE-2020-12695 7.5 - High - June 08, 2020

The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue.

Incorrect Default Permissions

The EPSON iPrint application 6.6.3 for Android contains hard-coded API and Secret keys for the Dropbox

CVE-2018-14901 7.5 - High - August 30, 2018

The EPSON iPrint application 6.6.3 for Android contains hard-coded API and Secret keys for the Dropbox, Box, Evernote and OneDrive services.

Use of Hard-coded Credentials

The ContentProvider in the EPSON iPrint application 6.6.3 for Android does not properly restrict data access

CVE-2018-14902 7.5 - High - August 30, 2018

The ContentProvider in the EPSON iPrint application 6.6.3 for Android does not properly restrict data access. This allows an attacker's application to read scanned documents.

Information Disclosure

Versions of Epson AirPrint released prior to January 19, 2018 contain a reflective cross-site scripting (XSS) vulnerability, which can

CVE-2018-5550 6.1 - Medium - February 08, 2018

Versions of Epson AirPrint released prior to January 19, 2018 contain a reflective cross-site scripting (XSS) vulnerability, which can allow untrusted users on the network to hijack a session cookie or perform other reflected XSS attacks on a currently logged-on user.

XSS

Built by Foundeo Inc., with data from the National Vulnerability Database (NVD).