Cross Site Scripting Vulnerability in Epson WebConfig for Professional Imaging


Vulnerability Reference: CVE-2017-6443

Description: The EPSON WebConfig utility (Web Version) for the Professional Imaging printers listed below has a vulnerability that may compromise the security of the printer’s web browser. Note this vulnerability is only present in products with built-in Ethernet or Wireless network.

Impact: Successful exploitation of this vulnerability can lead to unauthorized control of the system by a low privilege user. Epson is not aware of any reported incidents to date.

Solution: To ensure the security of your Epson product, please download and install the latest Firmware Update for your product by selecting your printer below. In the meantime, and as a general rule to help secure all devices, end-users and their administrators should always implement and maintain industry-standard security controls and practices in setting up and managing their networks. Those practices include immediately replacing default passwords with strong passwords and installing printer software behind a firewall.


Affected Models