← Back to CVEs
CVE-2025-35970
HIGH7.5
Description
On multiple products of SEIKO EPSON and FUJIFILM Corporation, the initial administrator password is easy to guess from the information available via SNMP. If the administrator password is not changed from the initial one, a remote attacker with SNMP access can log in to the product with the administrator privilege.
CVE Details
CVSS v3.1 Score7.5
SeverityHIGH
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredNONE
User InteractionNONE
Published8/7/2025
Last Modified8/7/2025
Sourcenvd
Honeypot Sightings0
Weaknesses (CWE)
CWE-1391
References
https://global.fujifilm.com/en/news/hq/697e(vultures@jpcert.or.jp)
https://jvn.jp/en/vu/JVNVU91363496/(vultures@jpcert.or.jp)
https://www.epson.jp/support/misc_t/250807_oshirase.htm(vultures@jpcert.or.jp)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.