CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2021-39367
https://notcve.org/view.php?id=CVE-2021-39367
Canon Oce Print Exec Workgroup 1.3.2 allows Host header injection. Canon Oce Print Exec Workgroup versión 1.3.2, permite una inyección del encabezado Host. • https://github.com/IthacaLabs/Canon/tree/main/OCE_Print_Exec_Workgroup_Version_1_3_2/HHI • CWE-116: Improper Encoding or Escaping of Output •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 2CVE-2021-38085 – Canon TR150 Driver 3.71.2.10 Privilege Escalation
https://notcve.org/view.php?id=CVE-2021-38085
The Canon TR150 print driver through 3.71.2.10 is vulnerable to a privilege escalation issue. During the add printer process, a local attacker can overwrite CNMurGE.dll and, if timed properly, the overwritten DLL will be loaded into a SYSTEM process resulting in escalation of privileges. This occurs because the driver drops a world-writable DLL into a CanonBJ %PROGRAMDATA% location that gets loaded by printisolationhost (a system process). El controlador de impresión Canon TR150 versiones hasta 3.71.2.10, es vulnerable a un problema de escalada de privilegios. Durante el proceso add printer, un atacante local puede sobrescribir la biblioteca CNMurGE.dll y, si se sincroniza apropiadamente, la DLL sobrescrita será cargada en un proceso SYSTEM, resultando en una escalada de privilegios. • http://packetstormsecurity.com/files/163795/Canon-TR150-Driver-3.71.2.10-Privilege-Escalation.html https://defcon.org/html/defcon-29/dc-29-speakers.html#baines https://raw.githubusercontent.com/jacob-baines/vuln_disclosure/main/vuln_2021_03.txt https://www.youtube.com/watch?v=vdesswZYz-8 - • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.5EPSS: 0%CPEs: 56EXPL: 0CVE-2020-16849
https://notcve.org/view.php?id=CVE-2020-16849
An issue was discovered on Canon MF237w 06.07 devices. An "Improper Handling of Length Parameter Inconsistency" issue in the IPv4/ICMPv4 component, when handling a packet sent by an unauthenticated network attacker, may expose Sensitive Information. Se detectó un problema en los dispositivos Canon MF237w versión 06.07. Un problema de "Improper Handling of Length Parameter Inconsistency" en el componente IPv4/ICMPv4, cuando se maneja un paquete enviado por un atacante de red no autenticado, puede exponer información confidencial • https://blog.scadafence.com/vulnerability-report-cve-2020-16849 https://www.canon-europe.com/support/product-security •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-26508
https://notcve.org/view.php?id=CVE-2020-26508
The WebTools component on Canon Oce ColorWave 3500 5.1.1.0 devices allows attackers to retrieve stored SMB credentials via the export feature, even though these are intentionally inaccessible in the UI. El componente WebTools de los dispositivos Canon Oce ColorWave 3500 versión 5.1.1.0, permite a atacantes recuperar las credenciales SMB almacenadas por medio de la funcionalidad export, aunque sean intencionadamente inaccesibles en la interfaz de usuario • https://www.syss.de/pentest-blog • CWE-522: Insufficiently Protected Credentials •
CVSS: 7.8EPSS: 0%CPEs: 220EXPL: 1CVE-2020-12695 – hostapd: UPnP SUBSCRIBE misbehavior in WPS AP
https://notcve.org/view.php?id=CVE-2020-12695
The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue. La especificación UPnP de Open Connectivity Foundation antes del 17-04-2020 no prohíbe la aceptación de una petición de suscripción con una URL de entrega en un segmento de red diferente a la URL de suscripción de evento totalmente calificada, también se conoce como el problema de CallStranger • https://github.com/yunuscadirci/CallStranger http://packetstormsecurity.com/files/158051/CallStranger-UPnP-Vulnerability-Checker.html http://www.openwall.com/lists/oss-security/2020/06/08/2 https://corelight.blog/2020/06/10/detecting-the-new-callstranger-upnp-vulnerability-with-zeek https://github.com/corelight/callstranger-detector https://lists.debian.org/debian-lts-announce/2020/08/msg00011.html https://lists.debian.org/debian-lts-announce/2020/08/msg00013.html https://lists.debian.org/debian-l • CWE-276: Incorrect Default Permissions CWE-918: Server-Side Request Forgery (SSRF) •