ID CVE-2006-4680
Summary The Remote UI in Canon imageRUNNER includes usernames and passwords when exporting an address book, which allows context-dependent attackers to obtain sensitive information.
References
Vulnerable Configurations
  • cpe:2.3:a:canon:imagerunner_2620:*:*:*:*:*:*:*:*
    cpe:2.3:a:canon:imagerunner_2620:*:*:*:*:*:*:*:*
  • cpe:2.3:a:canon:imagerunner_5020:*:*:*:*:*:*:*:*
    cpe:2.3:a:canon:imagerunner_5020:*:*:*:*:*:*:*:*
  • cpe:2.3:a:canon:imagerunner_6870:*:*:*:*:*:*:*:*
    cpe:2.3:a:canon:imagerunner_6870:*:*:*:*:*:*:*:*
  • cpe:2.3:a:canon:imagerunner_8500:*:*:*:*:*:*:*:*
    cpe:2.3:a:canon:imagerunner_8500:*:*:*:*:*:*:*:*
  • cpe:2.3:a:canon:imagerunner_9070:*:*:*:*:*:*:*:*
    cpe:2.3:a:canon:imagerunner_9070:*:*:*:*:*:*:*:*
  • cpe:2.3:a:canon:imagerunner_c3220:*:*:*:*:*:*:*:*
    cpe:2.3:a:canon:imagerunner_c3220:*:*:*:*:*:*:*:*
  • cpe:2.3:a:canon:imagerunner_c6800:*:*:*:*:*:*:*:*
    cpe:2.3:a:canon:imagerunner_c6800:*:*:*:*:*:*:*:*
CVSS
Base: 4.0 (as of 17-10-2018 - 21:39)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW SINGLE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
cvss-vector via4 AV:N/AC:L/Au:S/C:P/I:N/A:N
refmap via4
bid 19865
bugtraq
  • 20060905 Canon ImageRunner reveals SMB, IPX, and FTP username/passwords
  • 20060907 Re: Canon ImageRunner reveals SMB, IPX, and FTP username/passwords
secunia 21788
sreason 1538
vupen ADV-2006-3501
xf canon-imagerunner-information-disclosure(28795)
Last major update 17-10-2018 - 21:39
Published 11-09-2006 - 17:04
Last modified 17-10-2018 - 21:39
Back to Top