Cross-site request forgery in Seiko Epson Corporation products - CVE-2026-58315

 

Cross-site request forgery in Seiko Epson Corporation products - CVE-2026-58315

Published: July 8, 2026


Vulnerability identifier: #VU137049
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-58315
CWE-ID: CWE-352
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Seiko Epson Corporation
Affected software:
EW-M5610FT
EW-M754TW
EW-M752TB
EW-M752T
EW-M674FT
EW-M670FTW
EW-M670FT
EW-M634T
EW-M630TW
EW-M630TB
EW-M571T
EW-M754TB
EW-M531F
EW-M530F
EW-456A
EW-452A
EW-056A
EW-052A
EP-M553T
EP-M552T
EP-M476T
PX-S05W
FF-680W
SC-F150
PX-S505
PX-S5010
PX-S270T
PX-S170T
PX-S161T
PX-S155
PX-S06W
PX-S06B
EP-982A3
PX-S05B
PX-M270T
PX-M270FT
PX-M161T
EW-M973A3T
EW-M873T
EW-M757TP
EW-M757TB
EW-M757TW
EP-810AW
EP-880AR
EP-880AW
EP-880AB
EP-816A
EP-815A
EP-814A
EP-813A
EP-812A
EP-811AW
EP-811AB
EP-880AN
EP-810AB
EP-716A
EP-715A
EP-714A
EP-713A
EP-712A
EP-711A
EP-710A
EP-50V
EP-883AR
EP-886AR
EP-886AW
EP-886AB
EP-885AR
EP-885AW
EP-885AB
EP-884AR
EP-884AW
EP-884AB
EP-315
EP-883AW
EP-883AB
EP-882AR
EP-882AW
EP-882AB
EP-881AN
EP-881AR
EP-881AW
EP-881AB

Detailed vulnerability description

The vulnerability allows a remote attacker to perform cross-site request forgery attacks.

The vulnerability exists due to insufficient validation of the HTTP request origin in Web Config. A remote attacker can trick the victim to visit a specially crafted web page and perform arbitrary actions on behalf of the victim on the vulnerable website.


How to mitigate CVE-2026-58315

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Sources