Rhino Security Labs

Epson Authentication Bruteforce Vulnerability

Vulnerability Details

CVSS Rating: 8.5 (High)


Disclosing Company: Rhino Security Labs

Date: 10/10/2017

Status: Published

Affected software/version:
Epson EasyMP (2.x)


Disclosure Date


Vulnerability Description

The Epson "EasyMP" software (tested on version 2.86) is designed to remotely stream a user's computer to supporting projectors. Connections to these devices are authenticated using a unique 4-digit code displayed on-screen, which is meant to ensure that only those who can view the screen are streaming. All Epson projectors (tested on PowerLite Pro G5650W and G6050W) supporting the "EasyMP" software are vulnerable to brute-forcing of this code, allowing any attacker on the network to remotely control and stream to the vulnerable device.
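The following is an added example, not code from Epson or from the original advisory: a minimal model of why a 4-digit code only authenticates when failed attempts are limited. The `PinGate` class, its lockout policy and the sample code `7310` are hypothetical and constructed for illustration; nothing here reflects the actual EasyMP protocol.

```python
import hmac
import secrets

KEYSPACE = 10_000  # four decimal digits, per the advisory


class PinGate:
    """Hypothetical session-code check; max_failures=None models no attempt limit."""

    def __init__(self, max_failures=None, code=None):
        self.max_failures = max_failures
        self.failures = 0
        self.locked = False
        # code= exists only for reproducible tests; normally drawn from the CSPRNG.
        self._code = code if code is not None else f"{secrets.randbelow(KEYSPACE):04d}"

    def verify(self, guess):
        if self.locked:
            return False  # even the right code is refused until reset()
        if hmac.compare_digest(guess.encode(), self._code.encode()):
            self.failures = 0
            return True
        self.failures += 1
        if self.max_failures is not None and self.failures >= self.max_failures:
            self.locked = True
        return False

    def reset(self):
        """Models someone at the device requesting a fresh on-screen code."""
        self._code = f"{secrets.randbelow(KEYSPACE):04d}"
        self.failures = 0
        self.locked = False


def guess_probability(budget):
    """Chance that `budget` distinct guesses contain a uniformly random code."""
    return min(budget, KEYSPACE) / KEYSPACE


def exhaustive_guessing_succeeds(gate):
    """Submit every code in the keyspace once; True if any was accepted."""
    return any(gate.verify(f"{n:04d}") for n in range(KEYSPACE))


if __name__ == "__main__":
    print("no limit :", exhaustive_guessing_succeeds(PinGate()))
    print("5 tries  :", exhaustive_guessing_succeeds(PinGate(max_failures=5, code="7310")))
    print("P(hit) with 5 guesses:", guess_probability(5))
```

A hard lockout lets anyone on the network force a reset at the device, so a deployed design may prefer increasing delays between attempts; either way the guess budget, not the code length alone, sets the bound.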

CVSS Metrics

CVSS Rating (version 3.0)

8.5 (High)

Impact Score

Exploitability Score



Attack Vector


Attack Complexity (AC): High

Privileges Required (PR): None

User Interaction (UI): None

Scope (S): Unchanged

Confidentiality (C): High

Integrity (I): High

Availability (A): High