Primary

Context

Epson Status Monitor 3 Unquoted Service Path Vulnerability Allowing Arbitrary Code Execution

Vulnerability

A vulnerability exists in Epson Status Monitor 3, specifically in version 8.0, due to an unquoted service path. This flaw allows local attackers to execute arbitrary code by exploiting the service binary path. The unquoted path can be found in 'C:\Program Files\Common Files\EPSON\EPW!3SSRP\E_S60RPB.EXE', where malicious executables can be injected to escalate privileges.

Impact

Exploitation of this vulnerability could lead to unauthorized privilege escalation and execution of arbitrary code with elevated rights.

Reproduction

The vulnerability can be reproduced by injecting a malicious executable into the unquoted service path of the Epson Status Monitor 3 service. Once the executable is injected, it can be executed to gain elevated privileges.

Added: Jan 27, 2026, 7:37 PM

Updated: Jan 27, 2026, 7:37 PM

Vulnerability Rating

Custom Algorithm

spread

7.8

impact

2.5

exploitability

4.6

remediation

0.0

relevance

2.4

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

7.8

impact

2.5

exploitability

4.6

remediation

0.0

relevance

2.4

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Epson Status Monitor 3 Unquoted Service Path Vulnerability Allowing Arbitrary Code Execution

Vulnerability

Impact

Reproduction

Affected Products

EPSON Status Monitor 3

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating