CVE-2025-35970_CVE-2025-35970

7.5 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Description

On multiple products of SEIKO EPSON and FUJIFILM Corporation, the initial administrator password is easy to guess from the information available via SNMP. If the administrator password is not changed from the initial one, a remote attacker with SNMP access can log in to the product with the administrator privilege.

AI Analysis

A vulnerability in multiple SEIKO EPSON and FUJIFILM products allows remote attackers with SNMP access to guess the default administrator password, potentially gaining admin privileges if the password isn't changed.

Basic Information

ID CVE-2025-35970

Source jpcert

Published Aug 7, 2025 at 05:22

Affected Product

Vendor SEIKO EPSON

Product Multiple EPSON product

Version see the information provided by the vendor

Affected Versions SEIKO EPSON Multiple EPSON product see the information provided by the vendor
FUJIFILM Corporation FRONTIER DX400W all versions

CWE Classification

CWE-1391

AI Assessment

AI Severity High

Vendor SEIKO EPSON and FUJIFILM Corporation

Product Multiple EPSON products, FRONTIER DX400W

Version see vendor information, all versions

References

{
    "lastseen": "",
    "description": "On multiple products of SEIKO EPSON and FUJIFILM Corporation, the initial administrator password is easy to guess from the information available via SNMP. If the administrator password is not changed from the initial one, a remote attacker with SNMP access can log in to the product with the administrator privilege.",
    "published": "2025-08-07T05:22:09.768Z",
    "modified": "2025-08-07T05:22:09.768Z",
    "type": "cve",
    "title": "CVE-2025-35970",
    "source": "jpcert",
    "references": "https://www.epson.jp/support/misc_t/250807_oshirase.htm\nhttps://global.fujifilm.com/en/news/hq/697e\nhttps://jvn.jp/en/vu/JVNVU91363496/",
    "id": "CVE-2025-35970",
    "bulletinFamily": "",
    "cwe": [
        "CWE-1391"
    ],
    "cvelist": null,
    "sourceData": "SEIKO EPSON Multiple EPSON product see the information provided by the vendor\nFUJIFILM Corporation FRONTIER DX400W all versions",
    "sourceHref": "",
    "cvss": {
        "score": 7.5,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Multiple EPSON product",
    "version": "see the information provided by the vendor",
    "vendor": "SEIKO EPSON",
    "ai_description": "A vulnerability in multiple SEIKO EPSON and FUJIFILM products allows remote attackers with SNMP access to guess the default administrator password, potentially gaining admin privileges if the password isn't changed.",
    "ai_severity": "High",
    "ai_vendor": "SEIKO EPSON and FUJIFILM Corporation",
    "ai_product": "Multiple EPSON products, FRONTIER DX400W",
    "ai_version": "see vendor information, all versions",
    "ai_score": 0
}