Vulnerability in Web Config in Printers and Network Interface Products
Thank you for using Epson products.
A vulnerability has been identified in Web Config*, the software on some Epson printers and network interface products that lets you check the status of the product or change its settings from a web browser.
* Web Config allows you to check the status of the product or change the settings by entering the IP address of the product in the URL field on a web browser such as Edge or Safari. Web Config may be referred to as Remote Manager in some products.
- Confirmed vulnerabilities
  The following two vulnerabilities have been identified.
  - Cross-Site Scripting (XSS) vulnerability
    By accessing a specially crafted page, a script may be embedded in the settings of the product itself through the Web Config of the product in question.
  - Cross-Site Request Forgery (CSRF) vulnerability
    By accessing a specially crafted page, the settings of the product itself may be changed through the Web Config of the product.
- Impact of vulnerability
  Currently, there are no reports of attacks exploiting this vulnerability.
- Target products and countermeasures
  - Products not listed below are not affected, either because they do not have the vulnerabilities or because countermeasures were already applied at the time of shipment.
  - For products that are currently on sale, we plan to release countermeasure firmware as follows. After the firmware is released, we strongly recommend that you download it from the Epson website and apply the update.
  - For products for which countermeasure firmware has not been supplied or is not scheduled to be supplied, we strongly recommend that you apply the measures described under "Workaround method".
Product Name | XSS Vulnerability | CSRF Vulnerability | Countermeasure | Scheduled release |
---|---|---|---|---|
SC-T3270 Series | Not applicable | Applicable | Apply firmware | F/W Ver.: DN015N5, 15 Jun-23 |
SC-T5270 Series | Not applicable | Applicable | Apply firmware | F/W Ver.: DN015N5, 15 Jun-23 |
SC-T7270 Series | Not applicable | Applicable | Apply firmware | F/W Ver.: DN015N5, 15 Jun-23 |
SC-T5270D Series | Not applicable | Applicable | Apply firmware | F/W Ver.: MM015N5, 15 Jun-23 |
SC-T7270D Series | Not applicable | Applicable | Apply firmware | F/W Ver.: MW015N, 15 Jun-23 |
SC-P5000 Series | Not applicable | Applicable | Apply firmware | F/W Ver.: N027N2, 5 April, 2023 |
SC-P7000 Series | Not applicable | Applicable | Apply firmware | F/W Ver.: LN002N6, 4 Jul-23 |
SC-P9000 Series | Not applicable | Applicable | Apply firmware | F/W Ver.: LW002N6, 4 Jul-23 |
SC-P6000 Series | Not applicable | Applicable | Apply firmware | F/W Ver.: NN002N6, 4 Jul-23 |
SC-P8000 Series | Not applicable | Applicable | Apply firmware | F/W Ver.: NW002N6, 4 Jul-23 |
SC-P20070 Series | Not applicable | Applicable | Apply firmware | F/W Ver.: FW026N6, 13 Jul-23 |
SC-S80670 Series | Not applicable | Applicable | Apply firmware | F/W Ver.: SA011MB, 31 March, 2023 |
SC-S60670 Series | Not applicable | Applicable | Apply firmware | F/W Ver.: HA027K2, 31 March, 2023 |
SC-S40670 Series | Not applicable | Applicable | Apply firmware | F/W Ver.: BA027K2, 30 March, 2023 |
SC-S60670L Series | Not applicable | Applicable | Apply firmware | F/W Ver.: HC001LA, 31 March, 2023 |
SC-S80670L Series | Not applicable | Applicable | Apply firmware | F/W Ver.: SC024M3, 31 March, 2023 |
SC-F7270 Series | Not applicable | Applicable | Apply firmware | F/W Ver.: CO011LA, 31 March, 2023 |
SC-F6330 Series | Not applicable | Applicable | Apply firmware | F/W Ver.: PR026KB, 20 Sep 2023 |
SC-F9430 Series | Not applicable | Applicable | Apply firmware | F/W Ver.: MT026L5, 31 March, 2023 |
SC-F9430H Series | Not applicable | Applicable | Apply firmware | F/W Ver.: MU026L5, 31 March, 2023 |
SC-F2130 Series | Not applicable | Applicable | Apply firmware | F/W Ver.: LA015K4, 1 Aug, 2023 |
SC-T3130X Series | Not applicable | Applicable | Apply firmware | F/W Ver.: LC22N8, 12/9/2023 |
SC-F500 Series | Not applicable | Applicable | Apply firmware | F/W Ver.: LS23N8, 13/9/2023 |
SC-F501 Series | Not applicable | Applicable | Apply firmware | Nov-23 |
SC-T3130,SC-T3130N Series | Not applicable | Applicable | Apply firmware | Nov-23 |
SC-T5130 Series | Not applicable | Applicable | Apply firmware | Nov-23 |
SC-T3430 Series | Not applicable | Applicable | Apply firmware | Jan-24 |
SC-T5430 Series | Not applicable | Applicable | Apply firmware | Jan-24 |
SC-T3435 Series | Not applicable | Applicable | Apply firmware | Jan-24 |
SC-T5435 Series | Not applicable | Applicable | Apply firmware | Jan-24 |
TM-C7500 | Not applicable | Applicable | Apply firmware | F/W Ver.: WAI34400, 27 March, 2023 |
TM-C3500 | Not applicable | Applicable | Apply firmware | F/W Ver.: WAM32500, 27 March, 2023 |
TM-C3400 | Not applicable | Applicable | Workaround | ― |
TM-C610 | Not applicable | Applicable | Workaround | ― |
PX-B510 | Not applicable | Applicable | Workaround | ― |
PX-B500 | Not applicable | Applicable | Workaround | ― |
StylusPro3800 | Not applicable | Applicable | Workaround | ― |
StylusPro3800C | Not applicable | Applicable | Workaround | ― |
StylusPro3850 | Not applicable | Applicable | Workaround | ― |
StylusPro3880 | Not applicable | Applicable | Workaround | ― |
StylusPro3885 | Not applicable | Applicable | Workaround | ― |
StylusPro3890 | Not applicable | Applicable | Workaround | ― |
StylusPhotoR3000 | Not applicable | Applicable | Workaround | ― |
StylusPhotoR2000 | Not applicable | Applicable | Workaround | ― |
SC-P400 Series | Not applicable | Applicable | Workaround | ― |
SC-P600 Series | Not applicable | Applicable | Workaround | ― |
SC-P800 Series | Not applicable | Applicable | Workaround | ― |
StylusPro4450 | Not applicable | Applicable | Workaround | ― |
StylusPro4880 | Not applicable | Applicable | Workaround | ― |
StylusPro4880C | Not applicable | Applicable | Workaround | ― |
StylusPro7450 | Not applicable | Applicable | Workaround | ― |
StylusPro7880 | Not applicable | Applicable | Workaround | ― |
StylusPro7880C | Not applicable | Applicable | Workaround | ― |
StylusPro9450 | Not applicable | Applicable | Workaround | ― |
StylusPro9880 | Not applicable | Applicable | Workaround | ― |
StylusPro9880C | Not applicable | Applicable | Workaround | ― |
StylusPro11880 | Not applicable | Applicable | Workaround | ― |
StylusPro11880C | Not applicable | Applicable | Workaround | ― |
StylusProGS6000 | Not applicable | Applicable | Workaround | ― |
StylusProWT7900 | Not applicable | Applicable | Workaround | ― |
StylusProWT7910 | Not applicable | Applicable | Workaround | ― |
StylusPro7700 | Not applicable | Applicable | Workaround | ― |
StylusPro7710 | Not applicable | Applicable | Workaround | ― |
StylusPro7700M | Not applicable | Applicable | Workaround | ― |
StylusPro7710M | Not applicable | Applicable | Workaround | ― |
StylusPro9700 | Not applicable | Applicable | Workaround | ― |
StylusPro9710 | Not applicable | Applicable | Workaround | ― |
StylusPro4900 | Not applicable | Applicable | Workaround | ― |
StylusPro4910 | Not applicable | Applicable | Workaround | ― |
StylusPro7890 | Not applicable | Applicable | Workaround | ― |
StylusPro7908 | Not applicable | Applicable | Workaround | ― |
StylusPro7900 | Not applicable | Applicable | Workaround | ― |
StylusPro7910 | Not applicable | Applicable | Workaround | ― |
StylusPro9890 | Not applicable | Applicable | Workaround | ― |
StylusPro9908 | Not applicable | Applicable | Workaround | ― |
StylusPro9900 | Not applicable | Applicable | Workaround | ― |
StylusPro9910 | Not applicable | Applicable | Workaround | ― |
SC-T3000 Series | Not applicable | Applicable | Workaround | ― |
SC-T5000 Series | Not applicable | Applicable | Workaround | ― |
SC-T7000 Series | Not applicable | Applicable | Workaround | ― |
SC-P10000 Series | Not applicable | Applicable | Workaround | ― |
SC-S30600 Series | Not applicable | Applicable | Workaround | ― |
SC-S50600 Series | Not applicable | Applicable | Workaround | ― |
SC-S70600 Series | Not applicable | Applicable | Workaround | ― |
SC-F6000 Series | Not applicable | Applicable | Workaround | ― |
SC-F7000 Series | Not applicable | Applicable | Workaround | ― |
SC-F7100 Series | Not applicable | Applicable | Workaround | ― |
SC-F6200 Series | Not applicable | Applicable | Workaround | ― |
SC-F9200 Series | Not applicable | Applicable | Workaround | ― |
SC-F9300 Series | Not applicable | Applicable | Workaround | ― |
SC-F2000 Series | Not applicable | Applicable | Workaround | ― |
StylusPro9860 | Not applicable | Applicable | Workaround | ― |
StylusPro9906D | Not applicable | Applicable | Workaround | ― |
SC-B7000 Series | Not applicable | Applicable | Workaround | ― |
AcuLaser 2600N | Applicable | Applicable | Workaround | ― |
AcuLaser C1900 | Applicable | Applicable | Workaround | ― |
AcuLaser C2000 | Applicable | Applicable | Workaround | ― |
AcuLaser C2600N | Applicable | Applicable | Workaround | ― |
AcuLaser C2800DN | Applicable | Applicable | Workaround | ― |
AcuLaser C2800N | Applicable | Applicable | Workaround | ― |
AcuLaser C3800DN | Applicable | Applicable | Workaround | ― |
AcuLaser C3800N | Applicable | Applicable | Workaround | ― |
AcuLaser C4000 | Applicable | Applicable | Workaround | ― |
AcuLaser C4100 | Applicable | Applicable | Workaround | ― |
AcuLaser C4200DN | Applicable | Applicable | Workaround | ― |
AcuLaser C8500 | Applicable | Applicable | Workaround | ― |
AcuLaser C9000 | Applicable | Applicable | Workaround | ― |
AcuLaser C9100 | Applicable | Applicable | Workaround | ― |
AcuLaser C9200N | Applicable | Applicable | Workaround | ― |
AcuLaser C9300N | Applicable | Applicable | Workaround | ― |
AcuLaser CX28DN | Applicable | Applicable | Workaround | ― |
AcuLaser M2000DN | Applicable | Applicable | Workaround | ― |
AcuLaser M2010DN | Applicable | Applicable | Workaround | ― |
AcuLaser M2300DN | Applicable | Applicable | Workaround | ― |
AcuLaser M2310DN | Applicable | Applicable | Workaround | ― |
AcuLaser M2400DN | Applicable | Applicable | Workaround | ― |
AcuLaser M2410DN | Applicable | Applicable | Workaround | ― |
AcuLaser M4000N | Applicable | Applicable | Workaround | ― |
AcuLaser M7000N | Applicable | Applicable | Workaround | ― |
AcuLaser M8000N | Applicable | Applicable | Workaround | ― |
AcuLaser MX20DN | Applicable | Applicable | Workaround | ― |
AcuLaser MX21DNF | Applicable | Applicable | Workaround | ― |
AL-C500DN | Applicable | Applicable | Workaround | ― |
EPL-5700 | Applicable | Applicable | Workaround | ― |
EPL-C8200 | Applicable | Applicable | Workaround | ― |
EPL-N2000 | Applicable | Applicable | Workaround | ― |
EPL-N2000K | Applicable | Applicable | Workaround | ― |
EPL-N2050 | Applicable | Applicable | Workaround | ― |
EPL-N2050+ | Applicable | Applicable | Workaround | ― |
EPL-N2700 | Applicable | Applicable | Workaround | ― |
EPL-N2750 | Applicable | Applicable | Workaround | ― |
EPL-N3000 | Applicable | Applicable | Workaround | ― |
EPL-N4000 | Applicable | Applicable | Workaround | ― |
EPL-N4000+ | Applicable | Applicable | Workaround | ― |
EPL-N7000 | Applicable | Applicable | Workaround | ― |
EpsonNet 10/100 Base TX USB Print Server (C82402*) | Applicable | Applicable | Workaround | ― |
EpsonNet 10/100 Base TX USB Print Server (C82403*) | Applicable | Applicable | Workaround | ― |
EpsonNet 10/100 Base Tx High Speed Int.Print Server (C82405*) | Applicable | Applicable | Workaround | ― |
EpsonNet 802.11g wireless Ext. Print Server (C82422*) | Applicable | Applicable | Workaround | ― |
EpsonNet 10/100 Base Tx Int. Print Server 5 (C82434*) | Applicable | Applicable | Workaround | ― |
EpsonNet 10/100 Base Tx Int. Print Server 5e (C82435*) | Applicable | Applicable | Workaround | ― |
EpsonNet 802.11b/g Wireless and 10/100 Base Tx Ext. Print Server (C82437*) | Applicable | Applicable | Workaround | ― |
EpsonNet Authentication Print (C82440*) | Applicable | Applicable | Workaround | ― |
EpsonNet 10 Base 2/T Int. Print Server (C82362*) | Applicable | Applicable | Workaround | ― |
EpsonNet 10/100 Base Tx Ext. Print Server (C82363*) | Applicable | Applicable | Workaround | ― |
EpsonNet 10/100 Base Tx Ext. Print Server (C82364*) | Applicable | Applicable | Workaround | ― |
EpsonNet 10/100 Base Tx External Print Server (C82378*) | Applicable | Applicable | Workaround | ― |
EpsonNet 10/100 Base Tx Int. Print Server (C82384*) | Applicable | Applicable | Workaround | ― |
EpsonNet 10/100 Base Tx Int. Print Server 2 (C82391*) | Applicable | Applicable | Workaround | ― |
EpsonNet 802.11b Wireless Ext. Print Server (C82396*) | Applicable | Applicable | Workaround | ― |
EpsonNet 802.11b Wireless Ext. Print Server (C82397*) | Applicable | Applicable | Workaround | ― |
EpsonNet 802.11b Wireless Ext. Print Server (C82398*) | Applicable | Applicable | Workaround | ― |
EPSON Network Image Express (B80836*) | Applicable | Applicable | Workaround | ― |
EPSON Network Image Express Card (B80839*) | Applicable | Applicable | Workaround | ― |
- Workaround method
  - Installation and configuration according to the security guidebook
    In order for customers to use the product safely and securely, please install and configure it according to the security guidebook.
    - Connecting to the Internet
      The product should not be directly connected to the Internet and should be installed in a network protected by a firewall. In that case, assign the product a private IP address.
    - Administrator password
      Set an administrator password for each product.
      The administrator password should be a complex string that is difficult for others to guess: 8 characters or more, mixing symbols and numbers with English letters. Please check the Security Guidebook here.
  - Stronger workaround – Block HTTP (TCP/80 port) access to the product
    - Blocked by product
      For the following products, you can block HTTP access (TCP/80 port) in Web Config.
      - Business Printer: AcuLaser C9300N/ AcuLaser M7000N
      - Commercial & Industrial Printers: SC-T3200 Series/SC-T5200 Series/SC-T7200 Series/SC-T5200D Series/SC-T7200D Series
    - Shut off by network equipment in the installation environment
      After configuring the product, block HTTP access (TCP/80 port) to the product with a network device (router or switch). Open the port only when you need to update the application settings or firmware.
    * While HTTP access is blocked, the functions in Web Config may not be available.
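
One way to confirm that the TCP/80 block described above is actually in effect, and to catch a port left open after a settings or firmware update, is to probe each product from a workstation segment where users browse. This is an added example, not Epson's code; the `probe` and `audit` names and the sample addresses are assumptions made here.

```python
import socket
import sys

WEB_CONFIG_PORT = 80  # the workaround blocks HTTP (TCP/80) to the product


def probe(host, port=WEB_CONFIG_PORT, timeout=2.0):
    """Classify one TCP connect attempt made from this machine.

    open     - handshake completed: Web Config is reachable, the block is not in effect
    closed   - connection refused: HTTP is disabled on the product or actively rejected
    filtered - timeout or unreachable: dropped by a router, switch or firewall
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "closed"
    except OSError:  # includes timeouts, "no route to host" and name lookup failures
        return "filtered"


def audit(hosts, port=WEB_CONFIG_PORT, timeout=2.0):
    """Probe every host; return (per-host states, sorted list of hosts still reachable)."""
    states = {host: probe(host, port, timeout) for host in hosts}
    exposed = sorted(host for host, state in states.items() if state == "open")
    return states, exposed


if __name__ == "__main__":
    # Constructed placeholder addresses (TEST-NET-1); pass real printer IPs as arguments.
    hosts = sys.argv[1:] or ["192.0.2.10", "192.0.2.11"]
    states, exposed = audit(hosts)
    for host in hosts:
        print(f"{host}:{WEB_CONFIG_PORT} {states[host]}")
    # Non-zero exit lets a scheduled job alert when a port was left open after an update.
    sys.exit(1 if exposed else 0)
```

A result of `closed` or `filtered` only describes the path from the machine running the check, so run it from each network segment that should not reach Web Config.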