PT-2018-1375 · Canon · Canon Lbp6650+3

Published

2018-06-04

·

Updated

2024-08-05

·

CVE-2018-11692

CVSS v2.0

10

High

Vector AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

Canon LBP6650 versions
Canon LBP3370 versions
Canon LBP3460 versions
Canon LBP7750C versions
Description

The vulnerability is a weakness in the authentication procedure of the web interface of the affected Canon LBP printers when they run with their default settings. A remote attacker can bypass the Administrator Mode authentication of the /tlogin.cgi endpoint via vectors involving frame.cgi?page=DevStatus and thereby reach the device's web interface with administrator privileges. The issue arises when a customer keeps the default settings and does not apply the countermeasures and best practices described in Canon's documentation.
Recommendations

For all four affected models (Canon LBP6650, LBP3370, LBP3460 and LBP7750C), change the default settings and apply the countermeasures and best practices given in Canon's documentation. As a temporary workaround, restrict network access to the device's web interface, in particular to the /tlogin.cgi endpoint and the frame.cgi?page=DevStatus vector (for example with a firewall or reverse proxy placed in front of the printer), until the issue is resolved.
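A network restriction is only useful if it is enforced and its violations are visible. The following Python script is an added example, not part of this advisory or of Canon's material: it reviews a web-server or reverse-proxy access log in Common Log Format for requests to the two endpoints named above that come from hosts outside an administrative subnet. The log lines are constructed for the example, and the 10.0.50.0/24 admin subnet is an assumption. Query parameters are parsed rather than string-matched, so a reordered or percent-encoded page=DevStatus is still caught.

```python
import ipaddress
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Hypothetical administrative subnet from which web-interface access is
# permitted (assumption for this example, not from the advisory).
ADMIN_NETS = [ipaddress.ip_network("10.0.50.0/24")]

# Common Log Format: client ident user [time] "METHOD URI PROTO" status bytes
CLF_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3}) \S+'
)


def is_sensitive(uri):
    """True if the request targets the Administrator Mode login endpoint
    /tlogin.cgi, or frame.cgi with page=DevStatus (the vector named in the
    advisory). The query string is parsed so parameter order and
    percent-encoding do not matter."""
    parts = urlsplit(uri)
    path = unquote(parts.path)
    if path == "/tlogin.cgi":
        return True
    if path == "/frame.cgi":
        pages = parse_qs(parts.query).get("page", [])
        return any(p.lower() == "devstatus" for p in pages)
    return False


def is_allowed_source(src, nets=ADMIN_NETS):
    """True if src is a valid IP address inside one of the admin networks."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False
    return any(addr in net for net in nets)


def find_suspicious(log_lines, nets=ADMIN_NETS):
    """Return (source, uri, status) for every sensitive request that did not
    originate from an admin network. Lines that do not parse are skipped."""
    hits = []
    for line in log_lines:
        m = CLF_RE.match(line)
        if not m:
            continue
        src, uri = m.group("src"), m.group("uri")
        if is_sensitive(uri) and not is_allowed_source(src, nets):
            hits.append((src, uri, int(m.group("status"))))
    return hits


# Constructed sample log: two admin hits, three non-admin hits on the
# sensitive endpoints, one harmless image request.
SAMPLE_LOG = """\
10.0.50.7 - - [04/Jun/2018:10:01:02 +0000] "GET /tlogin.cgi HTTP/1.1" 200 1432
10.0.50.7 - - [04/Jun/2018:10:01:05 +0000] "GET /frame.cgi?page=DevStatus HTTP/1.1" 200 2210
192.168.77.9 - - [04/Jun/2018:10:02:11 +0000] "GET /frame.cgi?page=DevStatus HTTP/1.1" 200 2210
192.168.77.9 - - [04/Jun/2018:10:02:14 +0000] "GET /frame.cgi?lang=en&page=Dev%53tatus HTTP/1.1" 200 2210
192.168.77.9 - - [04/Jun/2018:10:02:20 +0000] "GET /images/logo.gif HTTP/1.1" 200 512
203.0.113.5 - - [04/Jun/2018:10:03:30 +0000] "POST /tlogin.cgi HTTP/1.1" 302 0
""".splitlines()


if __name__ == "__main__":
    for src, uri, status in find_suspicious(SAMPLE_LOG):
        print(f"{src} -> {uri} ({status})")
```

Run against the constructed log, the script reports the two DevStatus requests and the /tlogin.cgi POST from non-admin addresses and stays silent on the admin subnet and on the image request. The same allowlist can be fed into the firewall or proxy rule that enforces the restriction, so that the detection and the control agree on what "permitted" means.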

Weakness Enumeration

Improper Authentication

Related Identifiers

BDU:2018-00920
CVE-2018-11692

Affected Products

Canon Lbp3370
Canon Lbp3460
Canon Lbp6650
Canon Lbp7750C