CVE-2013-4613
Canon Printer DoS / Secret Disclosure
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The default configuration of the administrative interface on the Canon MG3100, MG5300, MG6100, MP495, MX340, MX870, MX890, MX920, and MX922 printers does not require authentication, which allows remote attackers to modify the configuration by visiting the Advanced page. NOTE: the vendor has apparently responded by stating "for user convenience, the default setting does not require a password. However, if a user has a particular concern about third parties accessing the user's home printer, the default setting can be changed to add a password."
La configuración por defecto de la interfaz de administración en las impresoras Canon MG3100, MG5300, MG6100, MP495, MX340, MX870, MX890, MX920 y MX922 no requiere autenticación, lo que permite a atacantes remotos modificar la configuración visitando la página de opciones avanzadas. NOTA: el vendedor al parecer ha respondido afirmando que "para mayor comodidad del usuario, la configuración por defecto no requiere una contraseña. Sin embargo, un usuario puede cambiar la configuración por defecto y añadir una contraseña ".
Various Canon printers suffer from a lack of password authentication, denial of service, and WEP/WPA/WPA2 secret disclosure vulnerabilities. Models affected include, but are not limited to, MG3100, MG5300, MG6100, MP495, MX340, MX870, MX890, and MX920.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2013-06-17 CVE Reserved
- 2013-06-18 CVE Published
- 2024-09-16 CVE Updated
- 2024-09-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-264: Permissions, Privileges, and Access Controls
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| http://archives.neohapsis.com/archives/fulldisclosure/2013-06/0146.html | Mailing List | |
| http://www.mattandreko.com/2013/06/canon-y-u-no-security.html | X_refsource_misc |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Canon Search vendor "Canon" | Mg3100 Printer Search vendor "Canon" for product "Mg3100 Printer" | - | - |
Affected
| ||||||
| Canon Search vendor "Canon" | Mg5300 Printer Search vendor "Canon" for product "Mg5300 Printer" | - | - |
Affected
| ||||||
| Canon Search vendor "Canon" | Mg6100 Printer Search vendor "Canon" for product "Mg6100 Printer" | - | - |
Affected
| ||||||
| Canon Search vendor "Canon" | Mp340 Printer Search vendor "Canon" for product "Mp340 Printer" | - | - |
Affected
| ||||||
| Canon Search vendor "Canon" | Mp495 Printer Search vendor "Canon" for product "Mp495 Printer" | - | - |
Affected
| ||||||
| Canon Search vendor "Canon" | Mx870 Printer Search vendor "Canon" for product "Mx870 Printer" | - | - |
Affected
| ||||||
| Canon Search vendor "Canon" | Mx890 Printer Search vendor "Canon" for product "Mx890 Printer" | - | - |
Affected
| ||||||
| Canon Search vendor "Canon" | Mx920 Printer Search vendor "Canon" for product "Mx920 Printer" | - | - |
Affected
| ||||||
| Canon Search vendor "Canon" | Mx922 Printer Search vendor "Canon" for product "Mx922 Printer" | - | - |
Affected
| ||||||