Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2013-4613

The default configuration of the administrative interface on the Canon MG3100, MG5300, MG6100, MP495, MX340, MX870, MX890, MX920, and MX922 printers does not require authentication, which allows remote attackers to modify the configuration by visiting the Advanced page. NOTE: the vendor has apparently responded by stating "for user convenience, the default setting does not require a password. However, if a user has a particular concern about third parties accessing the user's home printer, the default setting can be changed to add a password."

Published

2013-06-21T21:55:01.007

Last Modified

2025-04-11T00:51:21.963

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 7.5 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

10.0

Impact Score

6.4

Weaknesses

Type: Primary
CWE-264

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Hardware	canon	mg3100_printer	-	Yes
Hardware	canon	mg5300_printer	-	Yes
Hardware	canon	mg6100_printer	-	Yes
Hardware	canon	mp340_printer	-	Yes
Hardware	canon	mp495_printer	-	Yes
Hardware	canon	mx870_printer	-	Yes
Hardware	canon	mx890_printer	-	Yes
Hardware	canon	mx920_printer	-	Yes
Hardware	canon	mx922_printer	-	Yes

References

http://archives.neohapsis.com/archives/fulldisclosure/2013-06/0146.html ([email protected])
http://www.mattandreko.com/2013/06/canon-y-u-no-security.html ([email protected])
http://archives.neohapsis.com/archives/fulldisclosure/2013-06/0146.html (af854a3a-2127-422b-91ae-364da2661108)
http://www.mattandreko.com/2013/06/canon-y-u-no-security.html (af854a3a-2127-422b-91ae-364da2661108)