Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Canon Subscribe

CVSS v3 Filter

ALL
NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 5 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-26508 1 Canon 2 Oce Colorwave 3500, Oce Colorwave 3500 Firmware 2020-12-01 5.0 MEDIUM 9.8 CRITICAL
The WebTools component on Canon Oce ColorWave 3500 5.1.1.0 devices allows attackers to retrieve stored SMB credentials via the export feature, even though these are intentionally inaccessible in the UI.
CVE-2018-12048 1 Canon 2 Lbp7110cw, Lbp7110cw Firmware 2018-08-03 10.0 HIGH 9.8 CRITICAL
** DISPUTED ** A remote attacker can bypass the Management Mode on the Canon LBP7110Cw web interface without a PIN for /checkLogin.cgi via vectors involving /portal_top.html to get full access to the device. NOTE: the vendor reportedly responded that this issue occurs when a customer keeps the default settings without using the countermeasures and best practices shown in the documentation.
CVE-2018-12049 1 Canon 2 Lbp6030w, Lbp6030w Firmware 2018-08-01 10.0 HIGH 9.8 CRITICAL
** DISPUTED ** A remote attacker can bypass the System Manager Mode on the Canon LBP6030w web interface without a PIN for /checkLogin.cgi via vectors involving /portal_top.html to get full access to the device. NOTE: the vendor reportedly responded that this issue occurs when a customer keeps the default settings without using the countermeasures and best practices shown in the documentation.
CVE-2018-11711 1 Canon 4 Mf210, Mf210 Firmware, Mf220 and 1 more 2018-08-01 10.0 HIGH 9.8 CRITICAL
** DISPUTED ** A remote attacker can bypass the System Manager Mode on the Canon MF210 and MF220 web interface without knowing the PIN for /login.html via vectors involving /portal_top.html to get full access to the device. NOTE: the vendor reportedly responded that this issue occurs when a customer keeps the default settings without using the countermeasures and best practices shown in the documentation.
CVE-2018-11692 1 Canon 8 Lbp3370, Lbp3370 Firmware, Lbp3460 and 5 more 2018-07-20 10.0 HIGH 9.8 CRITICAL
** DISPUTED ** An issue was discovered on Canon LBP6650, LBP3370, LBP3460, and LBP7750C devices. It is possible to bypass the Administrator Mode authentication for /tlogin.cgi via vectors involving frame.cgi?page=DevStatus. NOTE: the vendor reportedly responded that this issue occurs when a customer keeps the default settings without using the countermeasures and best practices shown in the documentation.