Unquoted Service Path Vulnerability in EPSON Status Monitor 3 by EPSON
CVE-2020-36975
8.5HIGH
Key Information:
- Vendor
Seiko Epson Corp
- Status
- Vendor
- CVE Published:
- 27 January 2026
Badges
๐พ Exploit Exists๐ก Public PoC
What is CVE-2020-36975?
EPSON Status Monitor 3 version 8.0 is vulnerable to an unquoted service path issue that enables local attackers to execute arbitrary code. By exploiting the unquoted service binary path located at 'C:\Program Files\Common Files\EPSON\EPW!3SSRP\E_S60RPB.EXE', attackers can inject malicious executables, potentially escalating their privileges within the affected system.
Affected Version(s)
Status Monitor 3 EPSON_PM_RPCV4_06 8.0
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Score:
8.5
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None
Timeline
- ๐ก
Public PoC available
- ๐พ
Exploit known to exist
Vulnerability published
Vulnerability Reserved
Credit
SamAlucard
