Vulnerability Details CVE-2018-12049
A remote attacker can bypass the System Manager Mode on the Canon LBP6030w web interface without a PIN for /checkLogin.cgi via vectors involving /portal_top.html to get full access to the device. NOTE: the vendor reportedly responded that this issue occurs when a customer keeps the default settings without using the countermeasures and best practices shown in the documentation
Exploit prediction scoring system (EPSS) score
EPSS Score 0.066
EPSS Ranking 90.7%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 10.0
References
Products affected by CVE-2018-12049
-
cpe:2.3:h:canon:lbp6030w:-
-
cpe:2.3:o:canon:lbp6030w_firmware:-