
CVE-2018-12048
https://notcve.org/view.php?id=CVE-2018-12048
08 Jun 2018 — A remote attacker can bypass the Management Mode on the Canon LBP7110Cw web interface without a PIN for /checkLogin.cgi via vectors involving /portal_top.html to get full access to the device. NOTE: the vendor reportedly responded that this issue occurs when a customer keeps the default settings without using the countermeasures and best practices shown in the documentation. ** DISPUTED ** • https://gist.github.com/huykha/455e7d3b86eb6629066d921f46bfcee3 • CWE-287: Improper Authentication •

CVE-2018-11711
https://notcve.org/view.php?id=CVE-2018-11711
04 Jun 2018 — A remote attacker can bypass the System Manager Mode on the Canon MF210 and MF220 web interface without knowing the PIN for /login.html via vectors involving /portal_top.html to get full access to the device. NOTE: the vendor reportedly responded that this issue occurs when a customer keeps the default settings without using the countermeasures and best practices shown in the documentation. ** DISPUTED ** • https://gist.github.com/huykha/9dbcd0e46058f1e18bab241d1b2754bd • CWE-287: Improper Authentication •

CVE-2018-11692
https://notcve.org/view.php?id=CVE-2018-11692
04 Jun 2018 — An issue was discovered on Canon LBP6650, LBP3370, LBP3460, and LBP7750C devices. It is possible to bypass the Administrator Mode authentication for /tlogin.cgi via vectors involving frame.cgi?page=DevStatus. NOTE: the vendor reportedly responded that this issue occurs when a customer keeps the default settings without using the countermeasures and best practices shown in the documentation. ** DISPUTED ** • https://gist.github.com/huykha/2dfbe97810e96a05e67359fd9e7cc9ff • CWE-287: Improper Authentication •

CVE-2015-5631
https://notcve.org/view.php?id=CVE-2015-5631
11 Sep 2015 — Cross-site request forgery (CSRF) vulnerability in the Remote UI on Canon PIXMA MG7500 printers allows remote attackers to hijack the authentication of administrators. • http://jvn.jp/en/jp/JVN07427376/index.html • CWE-352: Cross-Site Request Forgery (CSRF) •

CVE-2013-4614 – Canon Printer Wireless Configuration Disclosure
https://notcve.org/view.php?id=CVE-2013-4614
18 Jun 2013 — English/pages_MacUS/wls_set_content.html on the Canon MG3100, MG5300, MG6100, MP495, MX340, MX870, MX890, MX920, and MX922 printers shows the Wi-Fi PSK passphrase in cleartext, which allows physically proximate attackers to obtain sensitive information by reading the screen of an unattended workstation. • https://packetstorm.news/files/id/181201 • CWE-255: Credentials Management Errors •

CVE-2013-4615 – Canon Wireless Printer Denial of Service
https://notcve.org/view.php?id=CVE-2013-4615
18 Jun 2013 — The Canon MG3100, MG5300, MG6100, MP495, MX340, MX870, MX890, MX920, and MX922 printers allow remote attackers to cause a denial of service (device hang) via a crafted LAN_TXT24 parameter to English/pages_MacUS/cgi_lan.cgi followed by a direct request to English/pages_MacUS/lan_set_content.html. NOTE: the vendor has apparently responded by stating "Canon believes that its printers will not have to deal with unauthorized access to the network from an external location as long as the printers are used in a se... • https://packetstorm.news/files/id/180511 • CWE-20: Improper Input Validation •

CVE-2013-4613 – Canon Printer DoS / Secret Disclosure
https://notcve.org/view.php?id=CVE-2013-4613
18 Jun 2013 — The default configuration of the administrative interface on the Canon MG3100, MG5300, MG6100, MP495, MX340, MX870, MX890, MX920, and MX922 printers does not require authentication, which allows remote attackers to modify the configuration by visiting the Advanced page. NOTE: the vendor has apparently responded by stating "for user convenience, the default setting does not require a password. However, if a user has a particular concern about third parties accessing the user's home printer, the default setti... • https://packetstorm.news/files/id/122073 • CWE-264: Permissions, Privileges, and Access Controls •

CVE-2009-4608
https://notcve.org/view.php?id=CVE-2009-4608
13 Jan 2010 — Cross-site scripting (XSS) vulnerability in Canon IT Solutions Inc. ACCESSGUARDIAN 3.0.14 and earlier, and 3.5.6 and earlier, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to authentication. • http://canon-its.jp/guardian/topics/200910ag.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2008-0303
https://notcve.org/view.php?id=CVE-2008-0303
29 Feb 2008 — The FTP print feature in multiple Canon printers, including imageRUNNER and imagePRESS, allows remote attackers to use the server as an inadvertent proxy via a modified PORT command, aka FTP bounce. • http://itso.iu.edu/20080229_Canon_MFD_FTP_bounce_attack •

CVE-2007-2680
https://notcve.org/view.php?id=CVE-2007-2680
15 May 2007 — Cross-site scripting (XSS) vulnerability in the management interface in Canon Network Camera Server VB100 and VB101 with firmware 3.0 R69 and earlier, and VB150 with firmware 1.1 R39 and earlier, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. • http://cweb.canon.jp/drv-upd/webview/notification.html •