Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
canon vulnerabilities and exploits
(subscribe to this query)
7.8
CVSSv2
CVE-2021-43471
In Canon LBP223 printers, the System Manager Mode login does not require an account password or PIN. An attacker can remotely shut down the device after entering the background, creating a denial of service vulnerability.
Canon Lbp223dw Firmware -
3 Github repositories
4.3
CVSSv2
CVE-2020-10667
The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 printer is vulnerable to Stored XSS in /TemplateManager/indexExternalLocation.jsp. The vulnerable parameter is map(template_name). NOTE: this is fixed in the latest version.
Canon Oce Colorwave 500 Firmware
4.3
CVSSv2
CVE-2020-10668
The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 printer is vulnerable to Reflected XSS in /home.jsp. The vulnerable parameter is openSI. NOTE: this is fixed in the latest version.
Canon Oce Colorwave 500 Firmware
4.3
CVSSv2
CVE-2020-10670
The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 printer is vulnerable to Reflected XSS in the parameter settingId of the settingDialogContent.jsp page. NOTE: this is fixed in the latest version.
Canon Oce Colorwave 500 Firmware
6.8
CVSSv2
CVE-2020-10671
The Canon Oce Colorwave 500 4.0.0.0 printer's web application is missing any form of CSRF protections. This is a system-wide issue. An attacker could perform administrative actions by targeting a logged-in administrative user. NOTE: this is fixed in the latest version.
Canon Oce Colorwave 500 Firmware
7.2
CVSSv2
CVE-2021-38085
The Canon TR150 print driver up to and including 3.71.2.10 is vulnerable to a privilege escalation issue. During the add printer process, a local attacker can overwrite CNMurGE.dll and, if timed properly, the overwritten DLL will be loaded into a SYSTEM process resulting in escal...
Canon Pixma Tr150 Firmware
10
CVSSv2
CVE-2018-12048
A remote attacker can bypass the Management Mode on the Canon LBP7110Cw web interface without a PIN for /checkLogin.cgi via vectors involving /portal_top.html to get full access to the device. NOTE: the vendor reportedly responded that this issue occurs when a customer keeps the ...
Canon Lbp7110cw Firmware -
10
CVSSv2
CVE-2018-12049
A remote attacker can bypass the System Manager Mode on the Canon LBP6030w web interface without a PIN for /checkLogin.cgi via vectors involving /portal_top.html to get full access to the device. NOTE: the vendor reportedly responded that this issue occurs when a customer keeps t...
Canon Lbp6030w Firmware -
5
CVSSv2
CVE-2020-26508
The WebTools component on Canon Oce ColorWave 3500 5.1.1.0 devices allows malicious users to retrieve stored SMB credentials via the export feature, even though these are intentionally inaccessible in the UI.
Canon Oce Colorwave 3500 Firmware 5.1.1.0
5
CVSSv2
CVE-2020-10669
The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 printer is vulnerable to authentication bypass on the page /home.jsp. An unauthenticated attacker able to connect to the device's web interface can get a copy of the documents uploaded by any users. NOTE: thi...
Canon Oce Colorwave 500 Firmware 4.0.0.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-3400
deserialization
CVE-2024-21788
CVE-2023-42433
CVE-2024-21841
CVE-2024-22095
local file inclusion
memory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »