Canon: Security Vulnerabilities
Canon Oce Print Exec Workgroup 1.3.2 allows Host header injection.
CVSS Score: 5.3 | EPSS Score: 0.002 | Published: 2021-08-23

Canon Oce Print Exec Workgroup 1.3.2 allows XSS via the lang parameter.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2021-08-23

The Canon TR150 print driver through 3.71.2.10 is vulnerable to a privilege escalation issue. During the add printer process, a local attacker can overwrite CNMurGE.dll and, if timed properly, the overwritten DLL will be loaded into a SYSTEM process resulting in escalation of privileges. This occurs because the driver drops a world-writable DLL into a CanonBJ %PROGRAMDATA% location that gets loaded by printisolationhost (a system process).
CVSS Score: 7.8 | EPSS Score: 0.037 | Published: 2021-08-11

An issue was discovered on Canon MF237w 06.07 devices. An "Improper Handling of Length Parameter Inconsistency" issue in the IPv4/ICMPv4 component, when handling a packet sent by an unauthenticated network attacker, may expose Sensitive Information.
CVSS Score: 7.5 | EPSS Score: 0.004 | Published: 2020-11-30

The WebTools component on Canon Oce ColorWave 3500 5.1.1.0 devices allows attackers to retrieve stored SMB credentials via the export feature, even though these are intentionally inaccessible in the UI.
CVSS Score: 9.8 | EPSS Score: 0.003 | Published: 2020-11-16

The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue.
CVSS Score: 7.5 | EPSS Score: 0.033 | Published: 2020-06-08

The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 printer is vulnerable to authentication bypass on the page /home.jsp. An unauthenticated attacker able to connect to the device's web interface can get a copy of the documents uploaded by any users. NOTE: this is fixed in the latest version.
CVSS Score: 7.5 | EPSS Score: 0.011 | Published: 2020-03-19

The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 printer is vulnerable to Stored XSS in /TemplateManager/indexExternalLocation.jsp. The vulnerable parameter is map(template_name). NOTE: this is fixed in the latest version.
CVSS Score: 6.1 | EPSS Score: 0.005 | Published: 2020-03-19

The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 printer is vulnerable to Reflected XSS in /home.jsp. The vulnerable parameter is openSI. NOTE: this is fixed in the latest version.
CVSS Score: 6.1 | EPSS Score: 0.005 | Published: 2020-03-19

The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 printer is vulnerable to Reflected XSS in the parameter settingId of the settingDialogContent.jsp page. NOTE: this is fixed in the latest version.
CVSS Score: 6.1 | EPSS Score: 0.003 | Published: 2020-03-19

