PT-2013-5097 · Canon · Canon MX340 +8

Hostess +1 · Published 2013-06-21 · Updated 2013-06-24 · CVE-2013-4615

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions

Canon MG3100
Canon MG5300
Canon MG6100
Canon MP495
Canon MX340
Canon MX870
Canon MX890
Canon MX920
Canon MX922

Description

The issue allows remote attackers to cause a denial of service, resulting in a device hang, by sending a crafted LAN_TXT24 parameter to the "English/pages_MacUS/cgi_lan.cgi" API endpoint, followed by a direct request to "English/pages_MacUS/lan_set_content.html".

Recommendations

For each of the affected Canon printer models, consider restricting access to the cgi_lan.cgi and lan_set_content.html endpoints to minimize the risk of exploitation. As a temporary workaround, avoid using the LAN_TXT24 parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

RCE


Weakness Enumeration

Related Identifiers

CVE-2013-4615

Affected Products

Canon MG3100
Canon MG5300
Canon MG6100
Canon MP495
Canon MX340
Canon MX870
Canon MX890
Canon MX920
Canon MX922