Vulnerabilities ›

CVE-2020-37064

High

EPSON EasyMP Network Projection 2.81 contains an unquoted service path vulnerability in the EMP_NSWLSV service that allows local users to potentially execute arbitrary code. Attackers can exploit the

CWE-428 — Weakness Type

                    Published: Feb 1, 2026                      ·  Modified: Feb 28, 2026                      ·  Source: NVD                

CVSS v3

7.8

🔗 NVD Official

📄 Description (English)

EPSON EasyMP Network Projection 2.81 contains an unquoted service path vulnerability in the EMP_NSWLSV service that allows local users to potentially execute arbitrary code. Attackers can exploit the unquoted path in C:\Program Files (x86)\EPSON Projector\EasyMP Network Projection V2\ to inject malicious code that would execute with LocalSystem privileges.

🤖 AI Executive Summary

CVE-2020-37064 is a local privilege escalation vulnerability in EPSON EasyMP Network Projection 2.81 affecting the EMP_NSWLSV Windows service. The unquoted service path vulnerability allows local users to execute arbitrary code with LocalSystem privileges. While no public exploit is available, the vulnerability is straightforward to exploit and poses significant risk in enterprise environments where EPSON projectors are deployed for presentation and collaboration purposes.

📄 Description (Arabic)

🤖 AI Intelligence Analysis Analyzed: Apr 27, 2026 17:18

🇸🇦 Saudi Arabia Impact Assessment

This vulnerability primarily impacts Saudi government agencies, educational institutions, and large enterprises that utilize EPSON projectors for conference rooms and presentation facilities. High-risk sectors include: Banking and Financial Services (SAMA-regulated institutions using networked projectors), Government Ministries and NCA facilities, Healthcare institutions with presentation systems, and Corporate headquarters. The vulnerability enables local privilege escalation, allowing compromised user accounts to gain system-level access, potentially leading to lateral movement, data exfiltration, and infrastructure compromise. Organizations with shared workstations or bring-your-own-device (BYOD) policies face elevated risk.

🏢 Affected Saudi Sectors

Government and Public Administration Banking and Financial Services Healthcare and Medical Institutions Education and Universities Energy and Utilities Telecommunications Large Enterprises and Corporations Defense and Security

🎯 MITRE ATT&CK Techniques

T1548.004 - Abuse Elevation Control Mechanism: Unquoted Path T1547.001 - Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder T1134.003 - Access Token Manipulation: Make and Impersonate Token T1543.003 - Create or Modify System Process: Windows Service T1611 - Escape to Host T1574.008 - Hijack Execution Flow: DLL Search Order Hijacking

⚖️ Saudi Risk Score (AI)

7.2

/ 10.0

🔧 Remediation Steps (English)

Immediate Actions:

1. Identify all systems running EPSON EasyMP Network Projection 2.81 across your organization using asset inventory tools

2. Restrict local access to affected systems through Group Policy and access controls

3. Disable the EMP_NSWLSV service if not actively required: net stop EMP_NSWLSV and set startup type to Disabled

4. Review local user account privileges and remove unnecessary administrative access

Patching Guidance:

1. Upgrade EPSON EasyMP Network Projection to version 2.82 or later immediately

2. Download patches from EPSON official support portal with proper change management

3. Test patches in non-production environment before enterprise deployment

4. Implement phased rollout to minimize business disruption

Compensating Controls (if patching delayed):

1. Apply file system permissions to C:\Program Files (x86)\EPSON Projector\ restricting write access to Administrators only

2. Implement AppLocker or Windows Defender Application Control to prevent unauthorized executable execution

3. Monitor service startup events (Event ID 7045) for suspicious service creation

4. Deploy endpoint detection and response (EDR) solutions to detect privilege escalation attempts

Detection Rules:

1. Monitor for file creation/modification in EPSON Projector installation directory by non-admin users

2. Alert on EMP_NSWLSV service restart or modification attempts

3. Track process execution with LocalSystem privileges originating from EPSON directories

4. Monitor Windows Event Log for service installation events (Event ID 7045) with suspicious paths

🔧 خطوات المعالجة (العربية)

الإجراءات الفورية:

1. تحديد جميع الأنظمة التي تقوم بتشغيل EPSON EasyMP Network Projection 2.81 عبر مؤسستك باستخدام أدوات جرد الأصول

2. تقييد الوصول المحلي للأنظمة المتأثرة من خلال Group Policy وعناصر التحكم في الوصول

3. تعطيل خدمة EMP_NSWLSV إذا لم تكن مطلوبة بنشاط: net stop EMP_NSWLSV وتعيين نوع البدء إلى معطل

4. مراجعة امتيازات حسابات المستخدمين المحليين وإزالة الوصول الإداري غير الضروري

إرشادات التصحيح:

1. ترقية EPSON EasyMP Network Projection إلى الإصدار 2.82 أو أحدث على الفور

2. تحميل التصحيحات من بوابة دعم EPSON الرسمية مع إدارة التغيير المناسبة

3. اختبار التصحيحات في بيئة غير الإنتاج قبل نشر المؤسسة

4. تنفيذ الطرح على مراحل لتقليل انقطاع الأعمال

عناصر التحكم التعويضية:

1. تطبيق أذونات نظام الملفات على C:\Program Files (x86)\EPSON Projector\ مع تقييد الوصول للكتابة للمسؤولين فقط

2. تنفيذ AppLocker أو Windows Defender Application Control لمنع تنفيذ الملفات القابلة للتنفيذ غير المصرح بها

3. مراقبة أحداث بدء الخدمة (معرف الحدث 7045) لإنشاء خدمة مريب

4. نشر حلول الكشف والاستجابة للنقاط النهائية (EDR) للكشف عن محاولات تصعيد الامتيازات

قواعد الكشف:

1. مراقبة إنشاء/تعديل الملفات في دليل تثبيت EPSON Projector من قبل مستخدمين غير إداريين

2. التنبيه على محاولات إعادة تشغيل أو تعديل خدمة EMP_NSWLSV

3. تتبع تنفيذ العملية بامتيازات LocalSystem من أدلة EPSON

4. مراقبة سجل أحداث Windows لأحداث تثبيت الخدمة (معرف الحدث 7045) مع مسارات مريبة

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

A.5.1.1 - Information Security Policies and Procedures A.6.1.1 - Internal Organization A.6.2.1 - Mobile Device Management A.8.1.1 - User Access Management A.8.2.1 - User Access Rights A.8.3.1 - Password Management A.9.1.1 - Physical and Environmental Security A.9.2.1 - Equipment Security A.10.1.1 - Cryptography A.12.2.1 - Change Management A.12.6.1 - Management of Technical Vulnerabilities

🔵 SAMA CSF

Governance - Risk Management Framework Governance - Third-party Risk Management Protective - Access Control Protective - Vulnerability Management Protective - Patch Management Protective - Endpoint Protection Responsive - Incident Response

🟡 ISO 27001:2022

5.3 - Segregation of duties 6.5 - Control of operational change 8.1 - Operational planning and control 8.2 - Supply chain relationships 8.3 - Information and communication 8.6 - Capacity and resource management 8.7 - Determination of security requirements A.5.18 - Management of information security incidents and improvements A.6.1 - Screening A.8.1 - User endpoint devices A.8.3 - Password management A.12.6 - Management of technical vulnerabilities

🔗 References & Sources 3

🔗

https://epson.com/support/easymp-network-projection-v2-86-for-windows

disclosure@vulncheck.com

🔗

https://www.exploit-db.com/exploits/48069

disclosure@vulncheck.com

🔗

https://www.vulncheck.com/advisories/epson-easymp-network-projection-empnswlsv-unquoted...

disclosure@vulncheck.com

📊 CVSS Score

7.8

/ 10.0 — High

📊 CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack VectorL — Low / Local

Attack ComplexityL — Low / Local

Privileges RequiredL — Low / Local

User InteractionN — None / Network

ScopeU — Unchanged

ConfidentialityH — High

IntegrityH — High

AvailabilityH — High

📋 Quick Facts

Severity High

CVSS Score7.8

CWECWE-428

EPSS0.01%

Exploit No

Patch ✓ Yes

Published 2026-02-01

Source Feed nvd

🇸🇦 Saudi Risk Score

7.2

/ 10.0 — Saudi Risk

Priority: HIGH

🏷️ Tags

CWE-428

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

💬 Comments

Loading comments

CVE-2020-37064

💬 Comments

Introduce Yourself

Sign In Required