Rhino Security Labs

Epson Authentication Bruteforce Vulnerability
[CVE-2017-12861]

Vulnerability Details

CVSS Rating: 8.5 (high)

CVE-2017-12861

Disclosing Company: Rhino Security Labs

Date: 10/10/2017

Status: Published

Affected software/version:
Epson EasyMP (2.x)

Disclosure

Rhino Security Labs References

Blog Post: Epson Vulnerability: EasyMP Projector Takeover

GitHub: Epson CVE Proof of Concept Exploits

MITRE

NIST

Disclosure Date

10/10/2017

Vulnerability Description

The Epson "EasyMP" software (tested on version 2.86) is designed to remotely stream a user's computer to supporting projectors. These devices are authenticated using a unique 4-digit code, displayed on-screen - ensuring only those who can view it are streaming. All Epson projectors (tested on PowerLite Pro G5650W and G6050W)supporting the "EasyMP" software are vulnerable to a brute-force vulnerability, allowing any attacker on the network to remotely control and stream to the vulnerable device.

Related Disclosures

Epson Hard-Coded Credentials Vulnerability
[CVE-2017-12860]

CVSS Metrics

CVSS Rating (version 3.0)

8.5 (High)

Impact Score

Exploitability Score

5.9

2.2

Attack Vector

Network

Attack Complexity (AC)High Privileges Required (PR)None User Interaction (UI)None Scope (S)Unchanged

Confidentiality (C)High Integrity (I)High Availability (A)High