Vulnerabilites related to canon - mx870_printer
CVE-2013-4615 (GCVE-0-2013-4615)
Vulnerability from cvelistv5
Published
2013-06-21 21:00
Modified
2024-09-17 03:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The Canon MG3100, MG5300, MG6100, MP495, MX340, MX870, MX890, MX920, and MX922 printers allow remote attackers to cause a denial of service (device hang) via a crafted LAN_TXT24 parameter to English/pages_MacUS/cgi_lan.cgi followed by a direct request to English/pages_MacUS/lan_set_content.html. NOTE: the vendor has apparently responded by stating "Canon believes that its printers will not have to deal with unauthorized access to the network from an external location as long as the printers are used in a secured environment."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.mattandreko.com/2013/06/canon-y-u-no-security.html | x_refsource_MISC | |
| https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/dos/http/canon_wireless_printer.rb | x_refsource_MISC | |
| http://archives.neohapsis.com/archives/fulldisclosure/2013-06/0146.html | mailing-list, x_refsource_FULLDISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:52:26.892Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.mattandreko.com/2013/06/canon-y-u-no-security.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/dos/http/canon_wireless_printer.rb"
},
{
"name": "20130618 Canon Wireless Printer Disclosure \u0026 DoS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2013-06/0146.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Canon MG3100, MG5300, MG6100, MP495, MX340, MX870, MX890, MX920, and MX922 printers allow remote attackers to cause a denial of service (device hang) via a crafted LAN_TXT24 parameter to English/pages_MacUS/cgi_lan.cgi followed by a direct request to English/pages_MacUS/lan_set_content.html. NOTE: the vendor has apparently responded by stating \"Canon believes that its printers will not have to deal with unauthorized access to the network from an external location as long as the printers are used in a secured environment.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-06-21T21:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.mattandreko.com/2013/06/canon-y-u-no-security.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/dos/http/canon_wireless_printer.rb"
},
{
"name": "20130618 Canon Wireless Printer Disclosure \u0026 DoS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2013-06/0146.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-4615",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Canon MG3100, MG5300, MG6100, MP495, MX340, MX870, MX890, MX920, and MX922 printers allow remote attackers to cause a denial of service (device hang) via a crafted LAN_TXT24 parameter to English/pages_MacUS/cgi_lan.cgi followed by a direct request to English/pages_MacUS/lan_set_content.html. NOTE: the vendor has apparently responded by stating \"Canon believes that its printers will not have to deal with unauthorized access to the network from an external location as long as the printers are used in a secured environment.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.mattandreko.com/2013/06/canon-y-u-no-security.html",
"refsource": "MISC",
"url": "http://www.mattandreko.com/2013/06/canon-y-u-no-security.html"
},
{
"name": "https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/dos/http/canon_wireless_printer.rb",
"refsource": "MISC",
"url": "https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/dos/http/canon_wireless_printer.rb"
},
{
"name": "20130618 Canon Wireless Printer Disclosure \u0026 DoS",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2013-06/0146.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-4615",
"datePublished": "2013-06-21T21:00:00Z",
"dateReserved": "2013-06-17T00:00:00Z",
"dateUpdated": "2024-09-17T03:32:37.944Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-4614 (GCVE-0-2013-4614)
Vulnerability from cvelistv5
Published
2013-06-21 21:00
Modified
2024-09-17 01:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
English/pages_MacUS/wls_set_content.html on the Canon MG3100, MG5300, MG6100, MP495, MX340, MX870, MX890, MX920, and MX922 printers shows the Wi-Fi PSK passphrase in cleartext, which allows physically proximate attackers to obtain sensitive information by reading the screen of an unattended workstation.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/canon_wireless.rb | x_refsource_MISC | |
| http://www.mattandreko.com/2013/06/canon-y-u-no-security.html | x_refsource_MISC | |
| http://archives.neohapsis.com/archives/fulldisclosure/2013-06/0146.html | mailing-list, x_refsource_FULLDISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:52:27.149Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/canon_wireless.rb"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.mattandreko.com/2013/06/canon-y-u-no-security.html"
},
{
"name": "20130618 Canon Wireless Printer Disclosure \u0026 DoS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2013-06/0146.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "English/pages_MacUS/wls_set_content.html on the Canon MG3100, MG5300, MG6100, MP495, MX340, MX870, MX890, MX920, and MX922 printers shows the Wi-Fi PSK passphrase in cleartext, which allows physically proximate attackers to obtain sensitive information by reading the screen of an unattended workstation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-06-21T21:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/canon_wireless.rb"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.mattandreko.com/2013/06/canon-y-u-no-security.html"
},
{
"name": "20130618 Canon Wireless Printer Disclosure \u0026 DoS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2013-06/0146.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-4614",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "English/pages_MacUS/wls_set_content.html on the Canon MG3100, MG5300, MG6100, MP495, MX340, MX870, MX890, MX920, and MX922 printers shows the Wi-Fi PSK passphrase in cleartext, which allows physically proximate attackers to obtain sensitive information by reading the screen of an unattended workstation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/canon_wireless.rb",
"refsource": "MISC",
"url": "https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/canon_wireless.rb"
},
{
"name": "http://www.mattandreko.com/2013/06/canon-y-u-no-security.html",
"refsource": "MISC",
"url": "http://www.mattandreko.com/2013/06/canon-y-u-no-security.html"
},
{
"name": "20130618 Canon Wireless Printer Disclosure \u0026 DoS",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2013-06/0146.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-4614",
"datePublished": "2013-06-21T21:00:00Z",
"dateReserved": "2013-06-17T00:00:00Z",
"dateUpdated": "2024-09-17T01:37:09.704Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-4613 (GCVE-0-2013-4613)
Vulnerability from cvelistv5
Published
2013-06-21 21:00
Modified
2024-09-16 17:27
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The default configuration of the administrative interface on the Canon MG3100, MG5300, MG6100, MP495, MX340, MX870, MX890, MX920, and MX922 printers does not require authentication, which allows remote attackers to modify the configuration by visiting the Advanced page. NOTE: the vendor has apparently responded by stating "for user convenience, the default setting does not require a password. However, if a user has a particular concern about third parties accessing the user's home printer, the default setting can be changed to add a password."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.mattandreko.com/2013/06/canon-y-u-no-security.html | x_refsource_MISC | |
| http://archives.neohapsis.com/archives/fulldisclosure/2013-06/0146.html | mailing-list, x_refsource_FULLDISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:52:26.927Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.mattandreko.com/2013/06/canon-y-u-no-security.html"
},
{
"name": "20130618 Canon Wireless Printer Disclosure \u0026 DoS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2013-06/0146.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The default configuration of the administrative interface on the Canon MG3100, MG5300, MG6100, MP495, MX340, MX870, MX890, MX920, and MX922 printers does not require authentication, which allows remote attackers to modify the configuration by visiting the Advanced page. NOTE: the vendor has apparently responded by stating \"for user convenience, the default setting does not require a password. However, if a user has a particular concern about third parties accessing the user\u0027s home printer, the default setting can be changed to add a password.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-06-21T21:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.mattandreko.com/2013/06/canon-y-u-no-security.html"
},
{
"name": "20130618 Canon Wireless Printer Disclosure \u0026 DoS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2013-06/0146.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-4613",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The default configuration of the administrative interface on the Canon MG3100, MG5300, MG6100, MP495, MX340, MX870, MX890, MX920, and MX922 printers does not require authentication, which allows remote attackers to modify the configuration by visiting the Advanced page. NOTE: the vendor has apparently responded by stating \"for user convenience, the default setting does not require a password. However, if a user has a particular concern about third parties accessing the user\u0027s home printer, the default setting can be changed to add a password.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.mattandreko.com/2013/06/canon-y-u-no-security.html",
"refsource": "MISC",
"url": "http://www.mattandreko.com/2013/06/canon-y-u-no-security.html"
},
{
"name": "20130618 Canon Wireless Printer Disclosure \u0026 DoS",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2013-06/0146.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-4613",
"datePublished": "2013-06-21T21:00:00Z",
"dateReserved": "2013-06-17T00:00:00Z",
"dateUpdated": "2024-09-16T17:27:45.686Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2013-06-21 21:55
Modified
2025-04-11 00:51
Severity ?
Summary
The default configuration of the administrative interface on the Canon MG3100, MG5300, MG6100, MP495, MX340, MX870, MX890, MX920, and MX922 printers does not require authentication, which allows remote attackers to modify the configuration by visiting the Advanced page. NOTE: the vendor has apparently responded by stating "for user convenience, the default setting does not require a password. However, if a user has a particular concern about third parties accessing the user's home printer, the default setting can be changed to add a password."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| canon | mg3100_printer | - | |
| canon | mg5300_printer | - | |
| canon | mg6100_printer | - | |
| canon | mp340_printer | - | |
| canon | mp495_printer | - | |
| canon | mx870_printer | - | |
| canon | mx890_printer | - | |
| canon | mx920_printer | - | |
| canon | mx922_printer | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:canon:mg3100_printer:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CA808CB1-E232-45A7-8913-03DDD4D967AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:canon:mg5300_printer:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4A7BF24E-0FE5-41E6-B4AF-5CEC5ED0AB3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:canon:mg6100_printer:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5C007C65-9187-4593-B236-025831220B8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:canon:mp340_printer:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F038B929-787C-4350-B1A4-F2E0F12969FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:canon:mp495_printer:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6A7687B9-537C-47CB-AA7B-DE57725B6E89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:canon:mx870_printer:-:*:*:*:*:*:*:*",
"matchCriteriaId": "555BD45B-2B53-42BE-B76B-03205EADD821",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:canon:mx890_printer:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AD762566-16C3-4391-B3C4-A0247AA082AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:canon:mx920_printer:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C74EB1F2-29DA-4835-B2D0-AB96CB1B4FB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:canon:mx922_printer:-:*:*:*:*:*:*:*",
"matchCriteriaId": "08F6F82C-6EF6-40E6-A6C5-D2B4952B02FC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The default configuration of the administrative interface on the Canon MG3100, MG5300, MG6100, MP495, MX340, MX870, MX890, MX920, and MX922 printers does not require authentication, which allows remote attackers to modify the configuration by visiting the Advanced page. NOTE: the vendor has apparently responded by stating \"for user convenience, the default setting does not require a password. However, if a user has a particular concern about third parties accessing the user\u0027s home printer, the default setting can be changed to add a password.\""
},
{
"lang": "es",
"value": "La configuraci\u00f3n por defecto de la interfaz de administraci\u00f3n en las impresoras Canon MG3100, MG5300, MG6100, MP495, MX340, MX870, MX890, MX920 y MX922 no requiere autenticaci\u00f3n, lo que permite a atacantes remotos modificar la configuraci\u00f3n visitando la p\u00e1gina de opciones avanzadas. NOTA: el vendedor al parecer ha respondido afirmando que \"para mayor comodidad del usuario, la configuraci\u00f3n por defecto no requiere una contrase\u00f1a. Sin embargo, un usuario puede cambiar la configuraci\u00f3n por defecto y a\u00f1adir una contrase\u00f1a \"."
}
],
"id": "CVE-2013-4613",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-06-21T21:55:01.007",
"references": [
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2013-06/0146.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.mattandreko.com/2013/06/canon-y-u-no-security.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2013-06/0146.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mattandreko.com/2013/06/canon-y-u-no-security.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-06-21 21:55
Modified
2025-04-11 00:51
Severity ?
Summary
The Canon MG3100, MG5300, MG6100, MP495, MX340, MX870, MX890, MX920, and MX922 printers allow remote attackers to cause a denial of service (device hang) via a crafted LAN_TXT24 parameter to English/pages_MacUS/cgi_lan.cgi followed by a direct request to English/pages_MacUS/lan_set_content.html. NOTE: the vendor has apparently responded by stating "Canon believes that its printers will not have to deal with unauthorized access to the network from an external location as long as the printers are used in a secured environment."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| canon | mg3100_printer | - | |
| canon | mg5300_printer | - | |
| canon | mg6100_printer | - | |
| canon | mp340_printer | - | |
| canon | mp495_printer | - | |
| canon | mx870_printer | - | |
| canon | mx890_printer | - | |
| canon | mx920_printer | - | |
| canon | mx922_printer | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:canon:mg3100_printer:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CA808CB1-E232-45A7-8913-03DDD4D967AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:canon:mg5300_printer:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4A7BF24E-0FE5-41E6-B4AF-5CEC5ED0AB3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:canon:mg6100_printer:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5C007C65-9187-4593-B236-025831220B8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:canon:mp340_printer:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F038B929-787C-4350-B1A4-F2E0F12969FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:canon:mp495_printer:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6A7687B9-537C-47CB-AA7B-DE57725B6E89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:canon:mx870_printer:-:*:*:*:*:*:*:*",
"matchCriteriaId": "555BD45B-2B53-42BE-B76B-03205EADD821",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:canon:mx890_printer:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AD762566-16C3-4391-B3C4-A0247AA082AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:canon:mx920_printer:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C74EB1F2-29DA-4835-B2D0-AB96CB1B4FB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:canon:mx922_printer:-:*:*:*:*:*:*:*",
"matchCriteriaId": "08F6F82C-6EF6-40E6-A6C5-D2B4952B02FC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Canon MG3100, MG5300, MG6100, MP495, MX340, MX870, MX890, MX920, and MX922 printers allow remote attackers to cause a denial of service (device hang) via a crafted LAN_TXT24 parameter to English/pages_MacUS/cgi_lan.cgi followed by a direct request to English/pages_MacUS/lan_set_content.html. NOTE: the vendor has apparently responded by stating \"Canon believes that its printers will not have to deal with unauthorized access to the network from an external location as long as the printers are used in a secured environment.\""
},
{
"lang": "es",
"value": "Las impresoras Canon MG3100, MG5300, MG6100, MP495, MX340, MX870, MX890, MX920 y MX922 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (cuelgue del dispositivo) a trav\u00e9s de un par\u00e1metro LAN_TXT24 especialmente dise\u00f1ado a English/pages_MacUS/cgi_lan.cgi seguido de una petici\u00f3n directa a English/pages_MacUS/lan_set_content.html. NOTA: el vendedor ha respondido diciendo \"Canon cree que sus impresoras no tendr\u00e1n que hacer frente a accesos no autorizados a la red desde una ubicaci\u00f3n externa, siempre y cuando las impresoras se utilizan en un entorno seguro.\""
}
],
"id": "CVE-2013-4615",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-06-21T21:55:01.057",
"references": [
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2013-06/0146.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.mattandreko.com/2013/06/canon-y-u-no-security.html"
},
{
"source": "cve@mitre.org",
"url": "https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/dos/http/canon_wireless_printer.rb"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2013-06/0146.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mattandreko.com/2013/06/canon-y-u-no-security.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/dos/http/canon_wireless_printer.rb"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-06-21 21:55
Modified
2025-04-11 00:51
Severity ?
Summary
English/pages_MacUS/wls_set_content.html on the Canon MG3100, MG5300, MG6100, MP495, MX340, MX870, MX890, MX920, and MX922 printers shows the Wi-Fi PSK passphrase in cleartext, which allows physically proximate attackers to obtain sensitive information by reading the screen of an unattended workstation.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| canon | mg3100_printer | - | |
| canon | mg5300_printer | - | |
| canon | mg6100_printer | - | |
| canon | mp340_printer | - | |
| canon | mp495_printer | - | |
| canon | mx870_printer | - | |
| canon | mx890_printer | - | |
| canon | mx920_printer | - | |
| canon | mx922_printer | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:canon:mg3100_printer:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CA808CB1-E232-45A7-8913-03DDD4D967AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:canon:mg5300_printer:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4A7BF24E-0FE5-41E6-B4AF-5CEC5ED0AB3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:canon:mg6100_printer:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5C007C65-9187-4593-B236-025831220B8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:canon:mp340_printer:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F038B929-787C-4350-B1A4-F2E0F12969FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:canon:mp495_printer:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6A7687B9-537C-47CB-AA7B-DE57725B6E89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:canon:mx870_printer:-:*:*:*:*:*:*:*",
"matchCriteriaId": "555BD45B-2B53-42BE-B76B-03205EADD821",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:canon:mx890_printer:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AD762566-16C3-4391-B3C4-A0247AA082AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:canon:mx920_printer:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C74EB1F2-29DA-4835-B2D0-AB96CB1B4FB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:canon:mx922_printer:-:*:*:*:*:*:*:*",
"matchCriteriaId": "08F6F82C-6EF6-40E6-A6C5-D2B4952B02FC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "English/pages_MacUS/wls_set_content.html on the Canon MG3100, MG5300, MG6100, MP495, MX340, MX870, MX890, MX920, and MX922 printers shows the Wi-Fi PSK passphrase in cleartext, which allows physically proximate attackers to obtain sensitive information by reading the screen of an unattended workstation."
},
{
"lang": "es",
"value": "English/pages_MacUS/wls_set_content.html en impresoras Canon MG3100, MG5300, MG6100, MP495, MX340, MX870, MX890, MX920, y MX922 muestra la contrase\u00f1a de paso (passphrase) en texto plano, lo que permite a atacantes f\u00edsicamente pr\u00f3ximos obtener informaci\u00f3n sensible mediante la lectura de la pantalla de una estaci\u00f3n de trabajo."
}
],
"id": "CVE-2013-4614",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-06-21T21:55:01.033",
"references": [
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2013-06/0146.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.mattandreko.com/2013/06/canon-y-u-no-security.html"
},
{
"source": "cve@mitre.org",
"url": "https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/canon_wireless.rb"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2013-06/0146.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mattandreko.com/2013/06/canon-y-u-no-security.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/canon_wireless.rb"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-255"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}