Vulnerability in EPSON WebConfig / Epson Web Control for Projector Product
Vulnerability Reference: CVE-2025-64310
Thank you for using Epson products.
A vulnerability has been identified in some Epson projector products when using the software (EPSON WebConfig / Epson Web Control *1) that allows you to check the status of the product itself or change its settings via a Web browser.
*1 EPSON WebConfig / Epson Web Control allows the user to check the status of the product or change the settings by entering the IP address of the product in the URL field on a web browser such as Microsoft Edge or Safari.
- Confirmed vulnerabilities
The password authentication (Web Control Password and Remote Password) of the affected product does not have a restriction or lockout mechanism, so an attacker can try an unlimited number of passwords, making the projector vulnerable to brute-force attacks. If the Web Control Password or Remote Password is discovered through a brute-force attack, a third party may be able to take control of the projector, including the following:
- Operating the projector, such as turning it on or off, changing the input source, etc.
- Editing content stored on a USB flash drive or SD card. (Content Playback mode compatible models)
- Capturing projected images using Remote Camera Access. (Remote Camera Access compatible models)
- Viewing the projector's log file saved on a USB flash drive. (Log Save compatible models)
- Impact of vulnerability
Currently, there are no reports of any attacks exploiting this vulnerability.
- Target products and countermeasures
- Products other than those listed in the attached file are not affected, as they either do not contain the vulnerabilities or had measures taken at the time of shipment.
- For products that are currently on sale, we plan to release countermeasure firmware as shown in the attached file. Once the firmware has been released for your product, we strongly recommend that you download it from the Epson website and apply the update.
- For products for which firmware will be released in the future or for which no countermeasure firmware is scheduled to be provided, we strongly recommend that you take the measures described under "Workaround method".
- Workaround method
- Installation and configuration according to the user’s guide
The product should not be directly connected to the Internet and should be installed in a network protected by a firewall. In that case, assign the product a private IP address for operation.
Set the Web Control Password and Remote Password for each product.
The Web Control Password and Remote Password should each be a complex string that is difficult for others to guess, 8 characters or more, mixing not only English characters but also symbols and numbers.
- Stronger workaround – Block HTTP (TCP/80 port and TCP/433 port) access to the product
After configuring the product, block HTTP access (TCP/80 port and TCP/433 port) to the product with a network device (router or switch). Open the port only when you need to update the application settings or firmware.
* While access is blocked, the functions in EPSON WebConfig and Epson Web Control may not be available.
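
The "restriction or lockout mechanism" that the advisory describes as missing under "Confirmed vulnerabilities" can be illustrated as follows. This is an added example, not Epson's firmware code and not part of the original advisory; the class and function names, thresholds, addresses and password are constructed assumptions.

```python
import hmac
import time
from collections import defaultdict, deque

class AttemptLimiter:
    """Per-source failed-login limiter with a temporary lockout (illustrative)."""

    def __init__(self, max_failures=5, window=300.0, lockout=900.0,
                 clock=time.monotonic):
        self.max_failures = max_failures  # failures tolerated inside `window`
        self.window = window              # seconds over which failures count
        self.lockout = lockout            # seconds a source stays locked out
        self.clock = clock                # injectable so replays are deterministic
        self._failures = defaultdict(deque)  # source -> recent failure times
        self._locked_until = {}              # source -> time the lockout ends

    def check(self, source, supplied, expected):
        """Return 'ok', 'denied' or 'locked' for one login attempt."""
        now = self.clock()
        if now < self._locked_until.get(source, float("-inf")):
            return "locked"               # the password is not even evaluated
        self._locked_until.pop(source, None)
        # Constant-time comparison: no hint about how many characters matched.
        if hmac.compare_digest(supplied.encode(), expected.encode()):
            self._failures.pop(source, None)
            return "ok"
        recent = self._failures[source]
        recent.append(now)
        while now - recent[0] > self.window:
            recent.popleft()              # forget failures older than the window
        if len(recent) >= self.max_failures:
            self._locked_until[source] = now + self.lockout
            recent.clear()
        return "denied"

def replay(attempts, expected, **settings):
    """Replay constructed (time, source, password) attempts; return outcomes."""
    now = [0.0]
    limiter = AttemptLimiter(clock=lambda: now[0], **settings)
    outcomes = []
    for when, source, password in attempts:
        now[0] = when
        outcomes.append(limiter.check(source, password, expected))
    return outcomes

if __name__ == "__main__":
    # Constructed sample: five wrong guesses, then the right password.
    tries = [(t, "192.0.2.10", f"guess{t}") for t in range(5)]
    print(replay(tries + [(5, "192.0.2.10", "Ex@mple-pw1")], "Ex@mple-pw1"))
```

With such a limiter in place, the correct password is refused while the source is locked out, which is what bounds the number of guesses per unit of time.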