CVE-2025-35970
BaseFortify
Publication date: 2025-08-07
Last updated on: 2025-08-07
Assigner: JPCERT/CC
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| seiko_epson | printer | * |
| fujifilm | frontier_dx400w_printer | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-1391 | The product uses weak credentials (such as a default key or hard-coded password) that can be calculated, derived, reused, or guessed by an attacker. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability occurs because the initial administrator password on multiple products from SEIKO EPSON and FUJIFILM Corporation is easy to guess using information accessible via SNMP. If the password is not changed from its default, a remote attacker with SNMP access can log in with administrator privileges.
How can this vulnerability impact me? :
If exploited, this vulnerability allows a remote attacker to gain administrator access to affected products without needing prior credentials. This can lead to unauthorized control over the device, potentially compromising its security and functionality.
What immediate steps should I take to mitigate this vulnerability?
Change the initial administrator password to a strong, unique password to prevent unauthorized access via SNMP.