CVE-2025-35970 | THREATINT

Description

On multiple products of SEIKO EPSON and FUJIFILM Corporation, the initial administrator password is easy to guess from the information available via SNMP. If the administrator password is not changed from the initial one, a remote attacker with SNMP access can log in to the product with the administrator privilege.

PUBLISHED Reserved 2025-07-17 | Published 2025-08-07 | Updated 2025-08-07 | Assigner jpcert

HIGH: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

HIGH: 8.7CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Problem types

Use of weak credentials

Product status

see the information provided by the vendor

affected

all versions

affected

References

www.epson.jp/support/misc_t/250807_oshirase.htm

global.fujifilm.com/en/news/hq/697e

jvn.jp/en/vu/JVNVU91363496/

cve.org (CVE-2025-35970)

nvd.nist.gov (CVE-2025-35970)

Download JSON