CVE-2013-4615
Summary
| CVE | CVE-2013-4615 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2013-06-21 21:55:00 UTC |
| Updated | 2013-06-24 22:31:00 UTC |
| Description | The Canon MG3100, MG5300, MG6100, MP495, MX340, MX870, MX890, MX920, and MX922 printers allow remote attackers to cause a denial of service (device hang) via a crafted LAN_TXT24 parameter to English/pages_MacUS/cgi_lan.cgi followed by a direct request to English/pages_MacUS/lan_set_content.html. NOTE: the vendor has apparently responded by stating "Canon believes that its printers will not have to deal with unauthorized access to the network from an external location as long as the printers are used in a secured environment." |
Risk And Classification
Problem Types: CWE-20
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Canon | Mg3100 Printer | - | All | All | All |
| Hardware | Canon | Mg3100 Printer | - | All | All | All |
| Hardware | Canon | Mg5300 Printer | - | All | All | All |
| Hardware | Canon | Mg5300 Printer | - | All | All | All |
| Hardware | Canon | Mg6100 Printer | - | All | All | All |
| Hardware | Canon | Mg6100 Printer | - | All | All | All |
| Hardware | Canon | Mp340 Printer | - | All | All | All |
| Hardware | Canon | Mp340 Printer | - | All | All | All |
| Hardware | Canon | Mp495 Printer | - | All | All | All |
| Hardware | Canon | Mp495 Printer | - | All | All | All |
| Hardware | Canon | Mx870 Printer | - | All | All | All |
| Hardware | Canon | Mx870 Printer | - | All | All | All |
| Hardware | Canon | Mx890 Printer | - | All | All | All |
| Hardware | Canon | Mx890 Printer | - | All | All | All |
| Hardware | Canon | Mx920 Printer | - | All | All | All |
| Hardware | Canon | Mx920 Printer | - | All | All | All |
| Hardware | Canon | Mx922 Printer | - | All | All | All |
| Hardware | Canon | Mx922 Printer | - | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Canon, Y U NO Security? - MattAndreko.com | MISC | www.mattandreko.com | |
| 20130618 Canon Wireless Printer Disclosure & DoS | FULLDISC | archives.neohapsis.com | |
| metasploit-framework/canon_wireless_printer.rb at master · rapid7/metasploit-framework · GitHub | MISC | github.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.