Vulnerability in EPSON WebConfig / Epson Web Control for Projector Products
 
Thank you for using Epson products.
A vulnerability has been identified in some Epson projector products when using the software (EPSON WebConfig / Epson Web Control*1) that allows you to check the status of the product itself or change settings via a Web browser.  
 
Vulnerability Details
The password authentication (Web Control Password and Remote Password) of the affected product does not have a restriction or lockout mechanism, so an attacker can try an unlimited number of passwords, making the projector vulnerable to brute-force attacks. If the Web Control Password or Remote Password is discovered through a brute-force attack, a third party may be able to take control of the projector, for example:
  • Operating the projector, such as turning it on or off, changing the input source, etc.
  • Editing content stored on a USB flash drive or SD card. (Content Playback mode compatible models)
  • Capturing projected images using Remote Camera Access. (Remote Camera Access compatible models)
  • Viewing the projector’s log file saved on a USB flash drive. (Log Save compatible models)
Impact of vulnerability
• Currently, there are no reports of any attacks exploiting this vulnerability.  
 
Affected Models
1450Ui / 696Ui / 1460Ui L25000U
1470Ui / 700U L260F / L210W
1485Fi / 800F / 805F L30000U
1785W / 1781W / 1780W / 1795F L610U / L510U / L610W / L500W
2265U / 2255U / 2245U / 2165W / 2155W / 2140W / 2065 / 2055 / 2040 L730U / L630U / LS500B / L520U
4770W L770U / L570U
5530U / 5520W / 5510 L890E / L690E / L790SE
695Wi / 685Wi / 685W / 680 LS10050
810E / 815E LS12000B
965H / 955WH 945H / 98H / 97H / X30 / X29 / S29 LPU2216B / PU2213B
CO-FH01 PQ2008B / PQ2010B / PQ2213B / PQ2216B / PQ2220B
ELPWP20 PU1008B / PU1007B / PU1007W / PU1006W / PU2010B
EV-100 / EV-105 PU2220B
EV-110 / EV-115 QL3000B / QL3000W
G6970WU / G6970WU NL / G6870 / G6870 NL / G6770WU / G6770WU NL / G6570WU / G6570WU S04 / S300 / X04 / X300 / W04 / S31 / X31 / X350 / U32 / X36 / W31 / U04
NL / G6270W / G6270W NL / G6070W / G6070W NL / G6170 / G6170 NL S05 / X05 / W05 / S41 / X41 / W41 / U42 / TW650
G7905U / G7905U NL / G7200W / G7200W NL / G7000W / G7000W NL / G7805 / G7805 NL TW5350
G7100 / G7100 NL / G7400U / G7400U NL TW5650
L1070U NL / L1060U NL TW6700
L12000Q / L20000U TW7000
L1200U / L1200U NL / L1100U / L1100U NL / L1405U / L1405U NL TW8300 / TW8300W
L1505U / L1505U NL TW9400 / TW7400
L1715S NL / L1515S NL / L1755U NL / L1505UH NL / L1755U NL / L1755U NL W50 / U50
L200F / L200W / L200XL200SW / L200SX / 735Fi X06+ / W06 / X51 / W51 / FH52 / TW750 / 972 / 982W
L200SW / L200SX / 735Fi / 725Wi / 725W / 735F X39 / W39 / 970 / 980W / 2042 / 2142W / 2247U
L210SF / L210SW / 770Fi / 770F / 760Wi / 760W X52 / W55 / FH54 / W56S
 
Workaround method
  • Installation and configuration according to the user’s guide
    The product should not be directly connected to the Internet and should be installed in a network protected by a firewall. In that case, assign the product a private IP address for operation.
    Set the Web Control Password and Remote Password for each product.
    The Web Control Password and Remote Password should be a complex string that is difficult for others to guess, for example one of 8 characters or more that mixes symbols and numbers with English characters.
  • Stronger workaround – Block HTTP (TCP/80 port and TCP/433 port) access to the product
    After configuring the product, block HTTP access (TCP/80 port and TCP/433 port) to the product with a network device (router or switch). Open the port only when you need to update the application settings or firmware.
    * While access is blocked, the functions in EPSON WebConfig and Epson Web Control may not be available.
Recommended Countermeasure
For Epson Appointed System Integrators (SI)
  • Adding an authorization for the commands
  • Adding an optional security mode that restricts IP addresses allowed to access the printer.
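
The two controls discussed above, the lockout mechanism that the Vulnerability Details section says is missing and an IP address restriction, are sketched below as an added example. This is not Epson code; the `AccessGate` class, its parameters, the sample password and the 192.0.2.0/24 range are all hypothetical, and the guess list is constructed.

```python
import hmac
import ipaddress
from collections import Counter


class AccessGate:
    """Login front end: source-IP allowlist plus escalating failure lockout."""

    def __init__(self, password, allowed_nets, max_failures=3, lock_seconds=60):
        self._password = password.encode()
        self._nets = [ipaddress.ip_network(n) for n in allowed_nets]
        self._max = max_failures
        self._lock = lock_seconds
        self._state = {}  # client IP -> [failures, lockouts, locked_until]

    def attempt(self, client_ip, password, now):
        """Return 'denied_ip', 'locked', 'bad_password' or 'ok'."""
        addr = ipaddress.ip_address(client_ip)
        if not any(addr in net for net in self._nets):
            return "denied_ip"  # outside the permitted management range
        entry = self._state.setdefault(client_ip, [0, 0, 0.0])
        if now < entry[2]:
            return "locked"  # password is not even compared while locked
        if hmac.compare_digest(password.encode(), self._password):
            del self._state[client_ip]  # success clears the failure history
            return "ok"
        entry[0] += 1
        if entry[0] >= self._max:
            entry[1] += 1
            entry[0] = 0
            # Each further lockout lasts twice as long as the previous one.
            entry[2] = now + self._lock * 2 ** (entry[1] - 1)
        return "bad_password"


def simulate(gate, client_ip, guesses, seconds_between=1.0):
    """Replay guesses at a fixed rate and count each outcome."""
    outcomes = Counter()
    for i, guess in enumerate(guesses):
        outcomes[gate.attempt(client_ip, guess, now=i * seconds_between)] += 1
    return outcomes


if __name__ == "__main__":
    # Constructed sample: 600 wrong guesses, one per second, from an allowed host.
    gate = AccessGate("Xk7#pQ2!vm", ["192.0.2.0/24"])
    print(simulate(gate, "192.0.2.10", [f"guess{i}" for i in range(600)]))
```

Lockout state is keyed by source address, so the allowlist is what limits how many addresses can each spend their own allowance of guesses.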