Web-Config of Seiko-Epson devices enables attackers to take over
In many cases, the web interface of devices such as Seiko-Epson printers allows attackers to take them over as administrators.
(Image: Bild erstellt mit KI in Bing Designer durch heise online / dmk)
The web interface of numerous printers, scanners and network interface products from Seiko-Epson allows attackers to take them over. IT managers should implement the workaround on affected devices immediately.
Epson warns of the security vulnerability in a press release. It affects the web interface of the vulnerable devices, which can be used to view the status or change settings. On some devices, the web interface may also be called "Remote Manager", the developers explain. If the administrator password has not been set and is empty, attackers can access it and assign their own password. This allows them to take control of vulnerable devices and control them remotely(CVE-2024-47295, CVSS 8.1, risk"high").
Epson devices: Workaround available
When accessing the web interface of affected devices for the first time, it usually asks to set the admin password. As a countermeasure, the manufacturer recommends that IT managers call up the web interface of the vulnerable devices. They should then simply set the administrator password there to give attackers no chance to do this before them.
Videos by heise
If you let the web browser translate the Epson message into German or English, for example, you will find an extensive list of vulnerable devices. It ranges from inkjet printers, laser printers, dot matrix printers and large format printers to receipt printers, scanners and network interface products. Products other than those listed are not affected as they have an administrator password assigned at the factory.
Epson also provides further security tips: The devices should not be connected directly to the Internet, but should be used in a firewall-protected network. In addition, an administrator password should be assigned that has a certain level of complexity.
It is not only printers themselves that have security vulnerabilities. Print servers such as the CUPS system also have to contend with them from time to time. On Friday last week, an IT security researcher made some critical security vulnerabilities public. These can be closed with available software updates.
(dmk)
