PT-2013-5095 · Canon · Canon Mx340+8

Published

2013-06-21

Updated

2013-06-24

CVE-2013-4613

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Canon MG3100 Canon MG5300 Canon MG6100 Canon MP495 Canon MX340 Canon MX870 Canon MX890 Canon MX920 Canon MX922

Description The default configuration of the administrative interface on the affected printers does not require authentication, allowing remote attackers to modify the configuration by visiting the "Advanced page". The vendor has stated that the default setting does not require a password for user convenience, but it can be changed to add a password if users have concerns about third-party access.

Recommendations For each of the affected printer models, change the default setting to add a password to require authentication for accessing the administrative interface.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

CVE-2013-4613

Affected Products

Canon Mg3100

Canon Mg5300

Canon Mg6100

Canon Mp495

Canon Mx340

Canon Mx870

Canon Mx890

Canon Mx920

Canon Mx922

PT-2013-5095 · Canon · Canon Mx340+8

CVE-2013-4613

Weakness Enumeration

Related Identifiers

Affected Products

References · 3