MidnightBSD

Advisories for canon

CVE-2004-2166 HIGH

The print-from-email feature in the Canon ImageRUNNER (iR) 5000i and C3200 digital printer, when not using IP address range filtering, allows remote attackers to print arbitrary text without authentication via a text/plain email to TCP port 25.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
canon imagerunner_c3200 *
canon imagerunner_5000i *
CVE-2005-4827 HIGH

Internet Explorer 6.0, and possibly other versions, allows remote attackers to bypass the same origin security policy and make requests outside of the intended domain by calling open on an XMLHttpRequest object (Microsoft.XMLHTTP) and using tab, newline, and carriage return characters within the first argument (method name), which is supported by some proxy servers that convert tabs to spaces. NOTE: this issue can be leveraged to conduct referer spoofing, HTTP Request Smuggling, and other attacks.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
microsoft internet_explorer 6
microsoft internet_explorer 6.0.2800
microsoft internet_explorer 6.0.2900.2180
microsoft internet_explorer 6.0.2800.1106
microsoft ie 6.0
canon network_camera_server_vb101 *
microsoft internet_explorer 6.0
microsoft ie 6
microsoft internet_explorer 6.0.2600
CVE-2006-1185 HIGH

Unspecified vulnerability in Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via certain invalid HTML that causes memory corruption.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
microsoft internet_explorer 6
canon network_camera_server_vb101 *
microsoft ie 6
microsoft ie 5.01
CVE-2006-1188 HIGH

Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via HTML elements with a certain crafted tag, which leads to memory corruption.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
microsoft internet_explorer 6.0.2800
microsoft internet_explorer 6.0.2900.2180
microsoft internet_explorer 6.0.2800.1106
canon network_camera_server_vb101 *
microsoft ie 6
microsoft internet_explorer 6
microsoft ie 6.0
microsoft internet_explorer 6.0
microsoft internet_explorer 6.0.2600
microsoft ie 5.2.3
microsoft internet_explorer 5.5
microsoft internet_explorer 5.1
microsoft ie 5.1
CVE-2006-1192 LOW

Microsoft Internet Explorer 5.01 through 6 allows remote attackers to conduct phishing attacks by spoofing the address bar and other parts of the trust UI via unknown methods that allow "window content to persist" after the user has navigated to another site, aka the "Address Bar Spoofing Vulnerability." NOTE: this is a different vulnerability than CVE-2006-1626.

CVSS 2.0

Severity: LOW

Problem Type: CWE-20,

Products Affected

Vendor Product Version
microsoft internet_explorer 6
canon network_camera_server_vb101 *
microsoft ie 6
microsoft ie 5.01
CVE-2006-2900 MEDIUM

Internet Explorer 6 allows user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target filename in a text box and using the OnKeyDown, OnKeyPress, and OnKeyUp Javascript keystroke events to change the focus and cause those characters to be inserted into a file upload input control, which can then upload the file when the user submits the form.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
canon network_camera_server_vb101 *
microsoft ie 6
microsoft ie 5.01
CVE-2006-3354 MEDIUM

Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (crash) by setting the Filter property of an ADODB.Recordset ActiveX object to certain values multiple times, which triggers a null dereference.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
microsoft internet_explorer 6
microsoft internet_explorer 6.0.2800
microsoft internet_explorer 6.0.2900.2180
microsoft internet_explorer 6.0.2800.1106
microsoft ie 6.0
canon network_camera_server_vb101 *
microsoft internet_explorer 6.0
microsoft ie 6
microsoft internet_explorer 6.0.2600
CVE-2013-4613 HIGH

The default configuration of the administrative interface on the Canon MG3100, MG5300, MG6100, MP495, MX340, MX870, MX890, MX920, and MX922 printers does not require authentication, which allows remote attackers to modify the configuration by visiting the Advanced page. NOTE: the vendor has apparently responded by stating "for user convenience, the default setting does not require a password. However, if a user has a particular concern about third parties accessing the user's home printer, the default setting can be changed to add a password."

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
canon mp495_printer -
canon mx870_printer -
canon mx922_printer -
canon mx920_printer -
canon mg6100_printer -
canon mg3100_printer -
canon mp340_printer -
canon mx890_printer -
canon mg5300_printer -
CVE-2013-4614 LOW

English/pages_MacUS/wls_set_content.html on the Canon MG3100, MG5300, MG6100, MP495, MX340, MX870, MX890, MX920, and MX922 printers shows the Wi-Fi PSK passphrase in cleartext, which allows physically proximate attackers to obtain sensitive information by reading the screen of an unattended workstation.

CVSS 2.0

Severity: LOW

Problem Type: CWE-255,

Products Affected

Vendor Product Version
canon mp495_printer -
canon mx870_printer -
canon mx922_printer -
canon mx920_printer -
canon mg6100_printer -
canon mg3100_printer -
canon mp340_printer -
canon mx890_printer -
canon mg5300_printer -
CVE-2013-4615 MEDIUM

The Canon MG3100, MG5300, MG6100, MP495, MX340, MX870, MX890, MX920, and MX922 printers allow remote attackers to cause a denial of service (device hang) via a crafted LAN_TXT24 parameter to English/pages_MacUS/cgi_lan.cgi followed by a direct request to English/pages_MacUS/lan_set_content.html. NOTE: the vendor has apparently responded by stating "Canon believes that its printers will not have to deal with unauthorized access to the network from an external location as long as the printers are used in a secured environment."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
canon mp495_printer -
canon mx870_printer -
canon mx922_printer -
canon mx920_printer -
canon mg6100_printer -
canon mg3100_printer -
canon mp340_printer -
canon mx890_printer -
canon mg5300_printer -
CVE-2015-5631 MEDIUM

Cross-site request forgery (CSRF) vulnerability in the Remote UI on Canon PIXMA MG7500 printers allows remote attackers to hijack the authentication of administrators.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
canon pixma_mg7500_series_inkjet_printer -
CVE-2018-11692 HIGH

An issue was discovered on Canon LBP6650, LBP3370, LBP3460, and LBP7750C devices. It is possible to bypass the Administrator Mode authentication for /tlogin.cgi via vectors involving frame.cgi?page=DevStatus. NOTE: the vendor reportedly responded that this issue occurs when a customer keeps the default settings without using the countermeasures and best practices shown in the documentation

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,

Products Affected

Vendor Product Version
canon lbp6650_firmware -
canon lbp3370_firmware -
canon lbp3460_firmware -
canon lbp7750c_firmware -
CVE-2018-11711 HIGH

A remote attacker can bypass the System Manager Mode on the Canon MF210 and MF220 web interface without knowing the PIN for /login.html via vectors involving /portal_top.html to get full access to the device. NOTE: the vendor reportedly responded that this issue occurs when a customer keeps the default settings without using the countermeasures and best practices shown in the documentation

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,

Products Affected

Vendor Product Version
canon mf220_firmware -
canon mf210_firmware -
CVE-2018-12048 HIGH

A remote attacker can bypass the Management Mode on the Canon LBP7110Cw web interface without a PIN for /checkLogin.cgi via vectors involving /portal_top.html to get full access to the device. NOTE: the vendor reportedly responded that this issue occurs when a customer keeps the default settings without using the countermeasures and best practices shown in the documentation

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,

Products Affected

Vendor Product Version
canon lbp7110cw_firmware -
CVE-2018-12049 HIGH

A remote attacker can bypass the System Manager Mode on the Canon LBP6030w web interface without a PIN for /checkLogin.cgi via vectors involving /portal_top.html to get full access to the device. NOTE: the vendor reportedly responded that this issue occurs when a customer keeps the default settings without using the countermeasures and best practices shown in the documentation

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,

Products Affected

Vendor Product Version
canon lbp6030w_firmware -
CVE-2018-12111 MEDIUM

Cross-site scripting (XSS) vulnerability in the Canon PrintMe EFI webinterface allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the /wt3/mydocs.php URI.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
canon efi_printme *
CVE-2019-14339 MEDIUM

The ContentProvider in the Canon PRINT jp.co.canon.bsd.ad.pixmaprint 2.5.5 application for Android does not properly restrict canon.ij.printer.capability.data data access. This allows an attacker's malicious application to obtain sensitive information including factory passwords for the administrator web interface and WPA2-PSK key.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
canon print 2.5.5
CVE-2019-5994 HIGH

Buffer overflow in PTP (Picture Transfer Protocol) of EOS series digital cameras (EOS-1D X firmware version 2.1.0 and earlier, EOS-1D X MKII firmware version 1.1.6 and earlier, EOS-1D C firmware version 1.4.1 and earlier, EOS 5D MARK III firmware version 1.3.5 and earlier, EOS 5D MARK IV firmware version 1.2.0 and earlier, EOS 5DS firmware version 1.1.2 and earlier, EOS 5DS R firmware version 1.1.2 and earlier, EOS 6D firmware version 1.1.8 and earlier, EOS 6D MARK II firmware version 1.0.4 and earlier, EOS 7D MARK II firmware version 1.1.2 and earlier, EOS 70 D firmware version 1.1.2 and earlier, EOS 80 D firmware version 1.0.2 and earlier, EOS KISS X7I / EOS D REBEL T5I / EOS 700D firmware version 1.1.5 and earlier, EOS KISS X8I / EOS D REBEL T6I / EOS 750D firmware version 1.0.0 and earlier, EOS KISS X9I / EOS D REBEL T7I / EOS 800D firmware version 1.0.1 and earlier, EOS KISS X7 / EOS D REBEL SL1 / EOS 100D firmware version 1.0.1 and earlier, EOS KISS X9 / EOS D REBEL SL2 / EOS 200D firmware version 1.0.1 and earlier, EOS KISS X10 / EOS D REBEL SL3 / EOS 200D / EOS 250D firmware version 1.0.1 and earlier, EOS 8000D / EOS D REBEL T6S / EOS 760D firmware version 1.0.0 and earlier, EOS 9000D / EOS 77D firmware version 1.0.2 and earlier, EOS KISS X70 / EOS D REBEL T5 / EOS 1200D firmware version 1.0.2 and earlier, EOS D REBEL T5 RE / EOS 1200D MG / EOS HI firmware version 1.0.2 and earlier, EOS KISS X80 / EOS D REBEL T6 / EOS 1300D firmware version 1.1.0 and earlier, EOS KISS X90 / EOS D REBEL T7 / EOS 1500D / EOS 2000D firmware version 1.0.0 and earlier, EOS D REBEL T100 / EOS 3000D / EOS 4000D firmware version 1.0.0 and earlier, EOS R firmware version 1.3.0 and earlier, EOS RP firmware version 1.2.0 and earlier, EOS RP GOLD firmware version 1.2.0 and earlier, EOS M2 firmware version 1.0.3 and earlier, EOS M3 firmware version 1.2.0 and earlier, EOS M5 firmware version 1.0.1 and earlier, EOS M6 firmware version 1.0.1 and earlier, EOS M6(China) firmware version 5.0.0 and earlier, EOS M10 firmware version 1.1.0 and earlier, EOS M100 firmware version 1.0.0 and earlier, EOS KISS M / EOS M50 firmware version 1.0.2 and earlier) and PowerShot SX740 HS firmware version 1.0.1 and earlier, PowerShot SX70 HS firmware version 1.1.0 and earlier, and PowerShot G5Xmark II firmware version 1.0.1 and earlier allows an attacker on the same network segment to trigger the affected product being unresponsive or to execute arbitrary code on the affected product via SendObjectInfo command.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
canon eos_5d_mark_iv_firmware *
canon eos_1300d_firmware *
canon eos_5ds_r_firmware *
canon eos_6d_firmware *
canon eos_m100_firmware *
canon eos_80d_firmware *
canon eos_5ds_firmware *
canon eos-1d_x_firmware *
canon eos_kiss_x80_firmware *
canon eos_750d_firmware *
canon eos_800d_firmware *
canon eos_d_rebel_t6i_firmware *
canon eos_8000d_firmware *
canon eos_d_rebel_t6_firmware *
canon eos_kiss_x90_firmware *
canon eos_m10_firmware *
canon powershot_sx70_hs_firmware *
canon eos_d_rebel_sl3_firmware *
canon eos_700d_firmware *
canon eos_d_rebel_t7i_firmware *
canon eos_6d_mark_ii_firmware *
canon eos_1200d_firmware *
canon eos_kiss_x9_firmware *
canon eos-1d_x_mkii_firmware *
canon eos_kiss_x10_firmware *
canon eos_m50_firmware *
canon eos_3000d_firmware *
canon eos_m5_firmware *
canon eos_7d_mark_ii_firmware *
canon eos_70d_firmware *
canon eos_hi_firmware *
canon eos_kiss_x70_firmware *
canon eos_77d_firmware *
canon powershot_sx740_hs_firmware *
canon eos_d_rebel_sl1_firmware *
canon eos_kiss_x9i_firmware *
canon eos_kiss_m_firmware *
canon eos_4000d_firmware *
canon eos_rp_gold_firmware *
canon eos_760d_firmware *
canon eos_d_rebel_t7_firmware *
canon eos_d_rebel_t5i_firmware *
canon eos_m6_firmware *
canon eos_d_rebel_sl2_firmware *
canon eos_m6(china)_firmware *
canon eos_m3_firmware *
canon eos_d_rebel_t5_firmware *
canon eos_d_rebel_t5_re_firmware *
canon eos_100d_firmware *
canon eos-1d_c_firmware *
canon eos_kiss_x7i_firmware *
canon eos_kiss_x7_firmware *
canon eos_9000d_firmware *
canon eos_250d_firmware *
canon eos_d_rebel_t6s_firmware *
canon eos_r_firmware *
canon eos_5d_mark_iii_firmware *
canon eos_1500d_firmware *
canon eos_2000d_firmware *
canon eos_rp_firmware *
canon eos_1200d_mg_firmware *
canon eos_d_rebel_t100_firmware *
canon eos_m2_firmware *
canon powershot_g5xmark_ii_firmware *
canon eos_kiss_x8i_firmware *
canon eos_200d_firmware *
CVE-2019-5995 MEDIUM

Missing authorization vulnerability exists in EOS series digital cameras (EOS-1D X firmware version 2.1.0 and earlier, EOS-1D X MKII firmware version 1.1.6 and earlier, EOS-1D C firmware version 1.4.1 and earlier, EOS 5D MARK III firmware version 1.3.5 and earlier, EOS 5D MARK IV firmware version 1.2.0 and earlier, EOS 5DS firmware version 1.1.2 and earlier, EOS 5DS R firmware version 1.1.2 and earlier, EOS 6D firmware version 1.1.8 and earlier, EOS 6D MARK II firmware version 1.0.4 and earlier, EOS 7D MARK II firmware version 1.1.2 and earlier, EOS 70 D firmware version 1.1.2 and earlier, EOS 80 D firmware version 1.0.2 and earlier, EOS KISS X7I / EOS D REBEL T5I / EOS 700D firmware version 1.1.5 and earlier, EOS KISS X8I / EOS D REBEL T6I / EOS 750D firmware version 1.0.0 and earlier, EOS KISS X9I / EOS D REBEL T7I / EOS 800D firmware version 1.0.1 and earlier, EOS KISS X7 / EOS D REBEL SL1 / EOS 100D firmware version 1.0.1 and earlier, EOS KISS X9 / EOS D REBEL SL2 / EOS 200D firmware version 1.0.1 and earlier, EOS KISS X10 / EOS D REBEL SL3 / EOS 200D / EOS 250D firmware version 1.0.1 and earlier, EOS 8000D / EOS D REBEL T6S / EOS 760D firmware version 1.0.0 and earlier, EOS 9000D / EOS 77D firmware version 1.0.2 and earlier, EOS KISS X70 / EOS D REBEL T5 / EOS 1200D firmware version 1.0.2 and earlier, EOS D REBEL T5 RE / EOS 1200D MG / EOS HI firmware version 1.0.2 and earlier, EOS KISS X80 / EOS D REBEL T6 / EOS 1300D firmware version 1.1.0 and earlier, EOS KISS X90 / EOS D REBEL T7 / EOS 1500D / EOS 2000D firmware version 1.0.0 and earlier, EOS D REBEL T100 / EOS 3000D / EOS 4000D firmware version 1.0.0 and earlier, EOS R firmware version 1.3.0 and earlier, EOS RP firmware version 1.2.0 and earlier, EOS RP GOLD firmware version 1.2.0 and earlier, EOS M2 firmware version 1.0.3 and earlier, EOS M3 firmware version 1.2.0 and earlier, EOS M5 firmware version 1.0.1 and earlier, EOS M6 firmware version 1.0.1 and earlier, EOS M6(China) firmware version 5.0.0 and earlier, EOS M10 firmware version 1.1.0 and earlier, EOS M100 firmware version 1.0.0 and earlier, EOS KISS M / EOS M50 firmware version 1.0.2 and earlier) and PowerShot SX740 HS firmware version 1.0.1 and earlier, PowerShot SX70 HS firmware version 1.1.0 and earlier, and PowerShot G5Xmark II firmware version 1.0.1 and earlier. A successful exploitation may result in a specially crafted firmware update or unofficial firmware update being applied without user's consent via unspecified vector.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-862,

Products Affected

Vendor Product Version
canon eos_5d_mark_iv_firmware *
canon eos_1300d_firmware *
canon eos_5ds_r_firmware *
canon eos_6d_firmware *
canon eos_m100_firmware *
canon eos_80d_firmware *
canon eos_5ds_firmware *
canon eos-1d_x_firmware *
canon eos_kiss_x80_firmware *
canon eos_750d_firmware *
canon eos_800d_firmware *
canon eos_d_rebel_t6i_firmware *
canon eos_8000d_firmware *
canon eos_d_rebel_t6_firmware *
canon eos_kiss_x90_firmware *
canon eos_m10_firmware *
canon powershot_sx70_hs_firmware *
canon eos_d_rebel_sl3_firmware *
canon eos_700d_firmware *
canon eos_d_rebel_t7i_firmware *
canon eos_6d_mark_ii_firmware *
canon eos_1200d_firmware *
canon eos_kiss_x9_firmware *
canon eos-1d_x_mkii_firmware *
canon eos_kiss_x10_firmware *
canon eos_m50_firmware *
canon eos_3000d_firmware *
canon eos_m5_firmware *
canon eos_7d_mark_ii_firmware *
canon eos_70d_firmware *
canon eos_hi_firmware *
canon eos_kiss_x70_firmware *
canon eos_77d_firmware *
canon powershot_sx740_hs_firmware *
canon eos_d_rebel_sl1_firmware *
canon eos_kiss_x9i_firmware *
canon eos_kiss_m_firmware *
canon eos_4000d_firmware *
canon eos_rp_gold_firmware *
canon eos_760d_firmware *
canon eos_d_rebel_t7_firmware *
canon eos_d_rebel_t5i_firmware *
canon eos_m6_firmware *
canon eos_d_rebel_sl2_firmware *
canon eos_m6(china)_firmware *
canon eos_m3_firmware *
canon eos_d_rebel_t5_firmware *
canon eos_d_rebel_t5_re_firmware *
canon eos_100d_firmware *
canon eos-1d_c_firmware *
canon eos_kiss_x7i_firmware *
canon eos_kiss_x7_firmware *
canon eos_9000d_firmware *
canon eos_250d_firmware *
canon eos_d_rebel_t6s_firmware *
canon eos_r_firmware *
canon eos_5d_mark_iii_firmware *
canon eos_1500d_firmware *
canon eos_2000d_firmware *
canon eos_rp_firmware *
canon eos_1200d_mg_firmware *
canon eos_d_rebel_t100_firmware *
canon eos_m2_firmware *
canon powershot_g5xmark_ii_firmware *
canon eos_kiss_x8i_firmware *
canon eos_200d_firmware *
CVE-2019-5998 HIGH

Buffer overflow in PTP (Picture Transfer Protocol) of EOS series digital cameras (EOS-1D X firmware version 2.1.0 and earlier, EOS-1D X MKII firmware version 1.1.6 and earlier, EOS-1D C firmware version 1.4.1 and earlier, EOS 5D MARK III firmware version 1.3.5 and earlier, EOS 5D MARK IV firmware version 1.2.0 and earlier, EOS 5DS firmware version 1.1.2 and earlier, EOS 5DS R firmware version 1.1.2 and earlier, EOS 6D firmware version 1.1.8 and earlier, EOS 6D MARK II firmware version 1.0.4 and earlier, EOS 7D MARK II firmware version 1.1.2 and earlier, EOS 70 D firmware version 1.1.2 and earlier, EOS 80 D firmware version 1.0.2 and earlier, EOS KISS X7I / EOS D REBEL T5I / EOS 700D firmware version 1.1.5 and earlier, EOS KISS X8I / EOS D REBEL T6I / EOS 750D firmware version 1.0.0 and earlier, EOS KISS X9I / EOS D REBEL T7I / EOS 800D firmware version 1.0.1 and earlier, EOS KISS X7 / EOS D REBEL SL1 / EOS 100D firmware version 1.0.1 and earlier, EOS KISS X9 / EOS D REBEL SL2 / EOS 200D firmware version 1.0.1 and earlier, EOS KISS X10 / EOS D REBEL SL3 / EOS 200D / EOS 250D firmware version 1.0.1 and earlier, EOS 8000D / EOS D REBEL T6S / EOS 760D firmware version 1.0.0 and earlier, EOS 9000D / EOS 77D firmware version 1.0.2 and earlier, EOS KISS X70 / EOS D REBEL T5 / EOS 1200D firmware version 1.0.2 and earlier, EOS D REBEL T5 RE / EOS 1200D MG / EOS HI firmware version 1.0.2 and earlier, EOS KISS X80 / EOS D REBEL T6 / EOS 1300D firmware version 1.1.0 and earlier, EOS KISS X90 / EOS D REBEL T7 / EOS 1500D / EOS 2000D firmware version 1.0.0 and earlier, EOS D REBEL T100 / EOS 3000D / EOS 4000D firmware version 1.0.0 and earlier, EOS R firmware version 1.3.0 and earlier, EOS RP firmware version 1.2.0 and earlier, EOS RP GOLD firmware version 1.2.0 and earlier, EOS M2 firmware version 1.0.3 and earlier, EOS M3 firmware version 1.2.0 and earlier, EOS M5 firmware version 1.0.1 and earlier, EOS M6 firmware version 1.0.1 and earlier, EOS M6(China) firmware version 5.0.0 and earlier, EOS M10 firmware version 1.1.0 and earlier, EOS M100 firmware version 1.0.0 and earlier, EOS KISS M / EOS M50 firmware version 1.0.2 and earlier) and PowerShot SX740 HS firmware version 1.0.1 and earlier, PowerShot SX70 HS firmware version 1.1.0 and earlier, and PowerShot G5Xmark II firmware version 1.0.1 and earlier allows an attacker on the same network segment to trigger the affected product being unresponsive or to execute arbitrary code on the affected product via notifybtstatus command.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
canon eos_5d_mark_iv_firmware *
canon eos_1300d_firmware *
canon eos_5ds_r_firmware *
canon eos_6d_firmware *
canon eos_m100_firmware *
canon eos_80d_firmware *
canon eos_5ds_firmware *
canon eos-1d_x_firmware *
canon eos_kiss_x80_firmware *
canon eos_750d_firmware *
canon eos_800d_firmware *
canon eos_d_rebel_t6i_firmware *
canon eos_8000d_firmware *
canon eos_d_rebel_t6_firmware *
canon eos_kiss_x90_firmware *
canon eos_m10_firmware *
canon powershot_sx70_hs_firmware *
canon eos_d_rebel_sl3_firmware *
canon eos_700d_firmware *
canon eos_d_rebel_t7i_firmware *
canon eos_6d_mark_ii_firmware *
canon eos_1200d_firmware *
canon eos_kiss_x9_firmware *
canon eos-1d_x_mkii_firmware *
canon eos_kiss_x10_firmware *
canon eos_m50_firmware *
canon eos_3000d_firmware *
canon eos_m5_firmware *
canon eos_7d_mark_ii_firmware *
canon eos_70d_firmware *
canon eos_hi_firmware *
canon eos_kiss_x70_firmware *
canon eos_77d_firmware *
canon powershot_sx740_hs_firmware *
canon eos_d_rebel_sl1_firmware *
canon eos_kiss_x9i_firmware *
canon eos_kiss_m_firmware *
canon eos_4000d_firmware *
canon eos_rp_gold_firmware *
canon eos_760d_firmware *
canon eos_d_rebel_t7_firmware *
canon eos_d_rebel_t5i_firmware *
canon eos_m6_firmware *
canon eos_d_rebel_sl2_firmware *
canon eos_m6(china)_firmware *
canon eos_m3_firmware *
canon eos_d_rebel_t5_firmware *
canon eos_d_rebel_t5_re_firmware *
canon eos_100d_firmware *
canon eos-1d_c_firmware *
canon eos_kiss_x7i_firmware *
canon eos_kiss_x7_firmware *
canon eos_9000d_firmware *
canon eos_250d_firmware *
canon eos_d_rebel_t6s_firmware *
canon eos_r_firmware *
canon eos_5d_mark_iii_firmware *
canon eos_1500d_firmware *
canon eos_2000d_firmware *
canon eos_rp_firmware *
canon eos_1200d_mg_firmware *
canon eos_d_rebel_t100_firmware *
canon eos_m2_firmware *
canon powershot_g5xmark_ii_firmware *
canon eos_kiss_x8i_firmware *
canon eos_200d_firmware *
CVE-2019-5999 HIGH

Buffer overflow in PTP (Picture Transfer Protocol) of EOS series digital cameras (EOS-1D X firmware version 2.1.0 and earlier, EOS-1D X MKII firmware version 1.1.6 and earlier, EOS-1D C firmware version 1.4.1 and earlier, EOS 5D MARK III firmware version 1.3.5 and earlier, EOS 5D MARK IV firmware version 1.2.0 and earlier, EOS 5DS firmware version 1.1.2 and earlier, EOS 5DS R firmware version 1.1.2 and earlier, EOS 6D firmware version 1.1.8 and earlier, EOS 6D MARK II firmware version 1.0.4 and earlier, EOS 7D MARK II firmware version 1.1.2 and earlier, EOS 70 D firmware version 1.1.2 and earlier, EOS 80 D firmware version 1.0.2 and earlier, EOS KISS X7I / EOS D REBEL T5I / EOS 700D firmware version 1.1.5 and earlier, EOS KISS X8I / EOS D REBEL T6I / EOS 750D firmware version 1.0.0 and earlier, EOS KISS X9I / EOS D REBEL T7I / EOS 800D firmware version 1.0.1 and earlier, EOS KISS X7 / EOS D REBEL SL1 / EOS 100D firmware version 1.0.1 and earlier, EOS KISS X9 / EOS D REBEL SL2 / EOS 200D firmware version 1.0.1 and earlier, EOS KISS X10 / EOS D REBEL SL3 / EOS 200D / EOS 250D firmware version 1.0.1 and earlier, EOS 8000D / EOS D REBEL T6S / EOS 760D firmware version 1.0.0 and earlier, EOS 9000D / EOS 77D firmware version 1.0.2 and earlier, EOS KISS X70 / EOS D REBEL T5 / EOS 1200D firmware version 1.0.2 and earlier, EOS D REBEL T5 RE / EOS 1200D MG / EOS HI firmware version 1.0.2 and earlier, EOS KISS X80 / EOS D REBEL T6 / EOS 1300D firmware version 1.1.0 and earlier, EOS KISS X90 / EOS D REBEL T7 / EOS 1500D / EOS 2000D firmware version 1.0.0 and earlier, EOS D REBEL T100 / EOS 3000D / EOS 4000D firmware version 1.0.0 and earlier, EOS R firmware version 1.3.0 and earlier, EOS RP firmware version 1.2.0 and earlier, EOS RP GOLD firmware version 1.2.0 and earlier, EOS M2 firmware version 1.0.3 and earlier, EOS M3 firmware version 1.2.0 and earlier, EOS M5 firmware version 1.0.1 and earlier, EOS M6 firmware version 1.0.1 and earlier, EOS M6(China) firmware version 5.0.0 and earlier, EOS M10 firmware version 1.1.0 and earlier, EOS M100 firmware version 1.0.0 and earlier, EOS KISS M / EOS M50 firmware version 1.0.2 and earlier) and PowerShot SX740 HS firmware version 1.0.1 and earlier, PowerShot SX70 HS firmware version 1.1.0 and earlier, and PowerShot G5Xmark II firmware version 1.0.1 and earlier allows an attacker on the same network segment to trigger the affected product being unresponsive or to execute arbitrary code on the affected product via blerequest command.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
canon eos_5d_mark_iv_firmware *
canon eos_1300d_firmware *
canon eos_5ds_r_firmware *
canon eos_6d_firmware *
canon eos_m100_firmware *
canon eos_80d_firmware *
canon eos_5ds_firmware *
canon eos-1d_x_firmware *
canon eos_kiss_x80_firmware *
canon eos_750d_firmware *
canon eos_800d_firmware *
canon eos_d_rebel_t6i_firmware *
canon eos_8000d_firmware *
canon eos_d_rebel_t6_firmware *
canon eos_kiss_x90_firmware *
canon eos_m10_firmware *
canon powershot_sx70_hs_firmware *
canon eos_d_rebel_sl3_firmware *
canon eos_700d_firmware *
canon eos_d_rebel_t7i_firmware *
canon eos_6d_mark_ii_firmware *
canon eos_1200d_firmware *
canon eos_kiss_x9_firmware *
canon eos-1d_x_mkii_firmware *
canon eos_kiss_x10_firmware *
canon eos_m50_firmware *
canon eos_3000d_firmware *
canon eos_m5_firmware *
canon eos_7d_mark_ii_firmware *
canon eos_70d_firmware *
canon eos_hi_firmware *
canon eos_kiss_x70_firmware *
canon eos_77d_firmware *
canon powershot_sx740_hs_firmware *
canon eos_d_rebel_sl1_firmware *
canon eos_kiss_x9i_firmware *
canon eos_kiss_m_firmware *
canon eos_4000d_firmware *
canon eos_rp_gold_firmware *
canon eos_760d_firmware *
canon eos_d_rebel_t7_firmware *
canon eos_d_rebel_t5i_firmware *
canon eos_m6_firmware *
canon eos_d_rebel_sl2_firmware *
canon eos_m6(china)_firmware *
canon eos_m3_firmware *
canon eos_d_rebel_t5_firmware *
canon eos_d_rebel_t5_re_firmware *
canon eos_100d_firmware *
canon eos-1d_c_firmware *
canon eos_kiss_x7i_firmware *
canon eos_kiss_x7_firmware *
canon eos_9000d_firmware *
canon eos_250d_firmware *
canon eos_d_rebel_t6s_firmware *
canon eos_r_firmware *
canon eos_5d_mark_iii_firmware *
canon eos_1500d_firmware *
canon eos_2000d_firmware *
canon eos_rp_firmware *
canon eos_1200d_mg_firmware *
canon eos_d_rebel_t100_firmware *
canon eos_m2_firmware *
canon powershot_g5xmark_ii_firmware *
canon eos_kiss_x8i_firmware *
canon eos_200d_firmware *
CVE-2019-6000 HIGH

Buffer overflow in PTP (Picture Transfer Protocol) of EOS series digital cameras (EOS-1D X firmware version 2.1.0 and earlier, EOS-1D X MKII firmware version 1.1.6 and earlier, EOS-1D C firmware version 1.4.1 and earlier, EOS 5D MARK III firmware version 1.3.5 and earlier, EOS 5D MARK IV firmware version 1.2.0 and earlier, EOS 5DS firmware version 1.1.2 and earlier, EOS 5DS R firmware version 1.1.2 and earlier, EOS 6D firmware version 1.1.8 and earlier, EOS 6D MARK II firmware version 1.0.4 and earlier, EOS 7D MARK II firmware version 1.1.2 and earlier, EOS 70 D firmware version 1.1.2 and earlier, EOS 80 D firmware version 1.0.2 and earlier, EOS KISS X7I / EOS D REBEL T5I / EOS 700D firmware version 1.1.5 and earlier, EOS KISS X8I / EOS D REBEL T6I / EOS 750D firmware version 1.0.0 and earlier, EOS KISS X9I / EOS D REBEL T7I / EOS 800D firmware version 1.0.1 and earlier, EOS KISS X7 / EOS D REBEL SL1 / EOS 100D firmware version 1.0.1 and earlier, EOS KISS X9 / EOS D REBEL SL2 / EOS 200D firmware version 1.0.1 and earlier, EOS KISS X10 / EOS D REBEL SL3 / EOS 200D / EOS 250D firmware version 1.0.1 and earlier, EOS 8000D / EOS D REBEL T6S / EOS 760D firmware version 1.0.0 and earlier, EOS 9000D / EOS 77D firmware version 1.0.2 and earlier, EOS KISS X70 / EOS D REBEL T5 / EOS 1200D firmware version 1.0.2 and earlier, EOS D REBEL T5 RE / EOS 1200D MG / EOS HI firmware version 1.0.2 and earlier, EOS KISS X80 / EOS D REBEL T6 / EOS 1300D firmware version 1.1.0 and earlier, EOS KISS X90 / EOS D REBEL T7 / EOS 1500D / EOS 2000D firmware version 1.0.0 and earlier, EOS D REBEL T100 / EOS 3000D / EOS 4000D firmware version 1.0.0 and earlier, EOS R firmware version 1.3.0 and earlier, EOS RP firmware version 1.2.0 and earlier, EOS RP GOLD firmware version 1.2.0 and earlier, EOS M2 firmware version 1.0.3 and earlier, EOS M3 firmware version 1.2.0 and earlier, EOS M5 firmware version 1.0.1 and earlier, EOS M6 firmware version 1.0.1 and earlier, EOS M6(China) firmware version 5.0.0 and earlier, EOS M10 firmware version 1.1.0 and earlier, EOS M100 firmware version 1.0.0 and earlier, EOS KISS M / EOS M50 firmware version 1.0.2 and earlier) and PowerShot SX740 HS firmware version 1.0.1 and earlier, PowerShot SX70 HS firmware version 1.1.0 and earlier, and PowerShot G5Xmark II firmware version 1.0.1 and earlier allows an attacker on the same network segment to trigger the affected product being unresponsive or to execute arbitrary code on the affected product via sendhostinfo command.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
canon eos_5d_mark_iv_firmware *
canon eos_1300d_firmware *
canon eos_5ds_r_firmware *
canon eos_6d_firmware *
canon eos_m100_firmware *
canon eos_80d_firmware *
canon eos_5ds_firmware *
canon eos-1d_x_firmware *
canon eos_kiss_x80_firmware *
canon eos_750d_firmware *
canon eos_800d_firmware *
canon eos_d_rebel_t6i_firmware *
canon eos_8000d_firmware *
canon eos_d_rebel_t6_firmware *
canon eos_kiss_x90_firmware *
canon eos_m10_firmware *
canon powershot_sx70_hs_firmware *
canon eos_d_rebel_sl3_firmware *
canon eos_700d_firmware *
canon eos_d_rebel_t7i_firmware *
canon eos_6d_mark_ii_firmware *
canon eos_1200d_firmware *
canon eos_kiss_x9_firmware *
canon eos-1d_x_mkii_firmware *
canon eos_kiss_x10_firmware *
canon eos_m50_firmware *
canon eos_3000d_firmware *
canon eos_m5_firmware *
canon eos_7d_mark_ii_firmware *
canon eos_70d_firmware *
canon eos_hi_firmware *
canon eos_kiss_x70_firmware *
canon eos_77d_firmware *
canon powershot_sx740_hs_firmware *
canon eos_d_rebel_sl1_firmware *
canon eos_kiss_x9i_firmware *
canon eos_kiss_m_firmware *
canon eos_4000d_firmware *
canon eos_rp_gold_firmware *
canon eos_760d_firmware *
canon eos_d_rebel_t7_firmware *
canon eos_d_rebel_t5i_firmware *
canon eos_m6_firmware *
canon eos_d_rebel_sl2_firmware *
canon eos_m6(china)_firmware *
canon eos_m3_firmware *
canon eos_d_rebel_t5_firmware *
canon eos_d_rebel_t5_re_firmware *
canon eos_100d_firmware *
canon eos-1d_c_firmware *
canon eos_kiss_x7i_firmware *
canon eos_kiss_x7_firmware *
canon eos_9000d_firmware *
canon eos_250d_firmware *
canon eos_d_rebel_t6s_firmware *
canon eos_r_firmware *
canon eos_5d_mark_iii_firmware *
canon eos_1500d_firmware *
canon eos_2000d_firmware *
canon eos_rp_firmware *
canon eos_1200d_mg_firmware *
canon eos_d_rebel_t100_firmware *
canon eos_m2_firmware *
canon powershot_g5xmark_ii_firmware *
canon eos_kiss_x8i_firmware *
canon eos_200d_firmware *
CVE-2019-6001 HIGH

Buffer overflow in PTP (Picture Transfer Protocol) of EOS series digital cameras (EOS-1D X firmware version 2.1.0 and earlier, EOS-1D X MKII firmware version 1.1.6 and earlier, EOS-1D C firmware version 1.4.1 and earlier, EOS 5D MARK III firmware version 1.3.5 and earlier, EOS 5D MARK IV firmware version 1.2.0 and earlier, EOS 5DS firmware version 1.1.2 and earlier, EOS 5DS R firmware version 1.1.2 and earlier, EOS 6D firmware version 1.1.8 and earlier, EOS 6D MARK II firmware version 1.0.4 and earlier, EOS 7D MARK II firmware version 1.1.2 and earlier, EOS 70 D firmware version 1.1.2 and earlier, EOS 80 D firmware version 1.0.2 and earlier, EOS KISS X7I / EOS D REBEL T5I / EOS 700D firmware version 1.1.5 and earlier, EOS KISS X8I / EOS D REBEL T6I / EOS 750D firmware version 1.0.0 and earlier, EOS KISS X9I / EOS D REBEL T7I / EOS 800D firmware version 1.0.1 and earlier, EOS KISS X7 / EOS D REBEL SL1 / EOS 100D firmware version 1.0.1 and earlier, EOS KISS X9 / EOS D REBEL SL2 / EOS 200D firmware version 1.0.1 and earlier, EOS KISS X10 / EOS D REBEL SL3 / EOS 200D / EOS 250D firmware version 1.0.1 and earlier, EOS 8000D / EOS D REBEL T6S / EOS 760D firmware version 1.0.0 and earlier, EOS 9000D / EOS 77D firmware version 1.0.2 and earlier, EOS KISS X70 / EOS D REBEL T5 / EOS 1200D firmware version 1.0.2 and earlier, EOS D REBEL T5 RE / EOS 1200D MG / EOS HI firmware version 1.0.2 and earlier, EOS KISS X80 / EOS D REBEL T6 / EOS 1300D firmware version 1.1.0 and earlier, EOS KISS X90 / EOS D REBEL T7 / EOS 1500D / EOS 2000D firmware version 1.0.0 and earlier, EOS D REBEL T100 / EOS 3000D / EOS 4000D firmware version 1.0.0 and earlier, EOS R firmware version 1.3.0 and earlier, EOS RP firmware version 1.2.0 and earlier, EOS RP GOLD firmware version 1.2.0 and earlier, EOS M2 firmware version 1.0.3 and earlier, EOS M3 firmware version 1.2.0 and earlier, EOS M5 firmware version 1.0.1 and earlier, EOS M6 firmware version 1.0.1 and earlier, EOS M6(China) firmware version 5.0.0 and earlier, EOS M10 firmware version 1.1.0 and earlier, EOS M100 firmware version 1.0.0 and earlier, EOS KISS M / EOS M50 firmware version 1.0.2 and earlier) and PowerShot SX740 HS firmware version 1.0.1 and earlier, PowerShot SX70 HS firmware version 1.1.0 and earlier, and PowerShot G5Xmark II firmware version 1.0.1 and earlier allows an attacker on the same network segment to trigger the affected product being unresponsive or to execute arbitrary code on the affected product via setadapterbatteryreport command.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
canon eos_5d_mark_iv_firmware *
canon eos_1300d_firmware *
canon eos_5ds_r_firmware *
canon eos_6d_firmware *
canon eos_m100_firmware *
canon eos_80d_firmware *
canon eos_5ds_firmware *
canon eos-1d_x_firmware *
canon eos_kiss_x80_firmware *
canon eos_750d_firmware *
canon eos_800d_firmware *
canon eos_d_rebel_t6i_firmware *
canon eos_8000d_firmware *
canon eos_d_rebel_t6_firmware *
canon eos_kiss_x90_firmware *
canon eos_m10_firmware *
canon powershot_sx70_hs_firmware *
canon eos_d_rebel_sl3_firmware *
canon eos_700d_firmware *
canon eos_d_rebel_t7i_firmware *
canon eos_6d_mark_ii_firmware *
canon eos_1200d_firmware *
canon eos_kiss_x9_firmware *
canon eos-1d_x_mkii_firmware *
canon eos_kiss_x10_firmware *
canon eos_m50_firmware *
canon eos_3000d_firmware *
canon eos_m5_firmware *
canon eos_7d_mark_ii_firmware *
canon eos_70d_firmware *
canon eos_hi_firmware *
canon eos_kiss_x70_firmware *
canon eos_77d_firmware *
canon powershot_sx740_hs_firmware *
canon eos_d_rebel_sl1_firmware *
canon eos_kiss_x9i_firmware *
canon eos_kiss_m_firmware *
canon eos_4000d_firmware *
canon eos_rp_gold_firmware *
canon eos_760d_firmware *
canon eos_d_rebel_t7_firmware *
canon eos_d_rebel_t5i_firmware *
canon eos_m6_firmware *
canon eos_d_rebel_sl2_firmware *
canon eos_m6(china)_firmware *
canon eos_m3_firmware *
canon eos_d_rebel_t5_firmware *
canon eos_d_rebel_t5_re_firmware *
canon eos_100d_firmware *
canon eos-1d_c_firmware *
canon eos_kiss_x7i_firmware *
canon eos_kiss_x7_firmware *
canon eos_9000d_firmware *
canon eos_250d_firmware *
canon eos_d_rebel_t6s_firmware *
canon eos_r_firmware *
canon eos_5d_mark_iii_firmware *
canon eos_1500d_firmware *
canon eos_2000d_firmware *
canon eos_rp_firmware *
canon eos_1200d_mg_firmware *
canon eos_d_rebel_t100_firmware *
canon eos_m2_firmware *
canon powershot_g5xmark_ii_firmware *
canon eos_kiss_x8i_firmware *
canon eos_200d_firmware *
CVE-2020-10667 MEDIUM

The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 printer is vulnerable to Stored XSS in /TemplateManager/indexExternalLocation.jsp. The vulnerable parameter is map(template_name). NOTE: this is fixed in the latest version.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
canon oce_colorwave_500_firmware *
CVE-2020-10668 MEDIUM

The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 printer is vulnerable to Reflected XSS in /home.jsp. The vulnerable parameter is openSI. NOTE: this is fixed in the latest version.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
canon oce_colorwave_500_firmware *
CVE-2020-10669 MEDIUM

The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 printer is vulnerable to authentication bypass on the page /home.jsp. An unauthenticated attacker able to connect to the device's web interface can get a copy of the documents uploaded by any users. NOTE: this is fixed in the latest version.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,

Products Affected

Vendor Product Version
canon oce_colorwave_500_firmware 4.0.0.0
CVE-2020-10670 MEDIUM

The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 printer is vulnerable to Reflected XSS in the parameter settingId of the settingDialogContent.jsp page. NOTE: this is fixed in the latest version.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
canon oce_colorwave_500_firmware *
CVE-2020-10671 MEDIUM

The Canon Oce Colorwave 500 4.0.0.0 printer's web application is missing any form of CSRF protections. This is a system-wide issue. An attacker could perform administrative actions by targeting a logged-in administrative user. NOTE: this is fixed in the latest version.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
canon oce_colorwave_500_firmware *
CVE-2020-12695 HIGH

The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H 2.2 4.7

CVSS 2.0

Severity: HIGH

Problem Type: CWE-276,

Products Affected

Vendor Product Version
epson ep-101 -
hp envy_6020_6wd35a -
hp envy_photo_7120_z3m41d -
hp envy_pro_6420_6wd16a -
hp hp_envy_4524_f0v72b -
hp hp_officejet_4657_v6d29b -
debian debian_linux 9.0
hp envy_photo_7100_3xd89a -
hp deskjet_ink_advantage_3545_a9t83b -
hp hp_envy_4524_f0v71b -
asus rt-n11 -
hp envy_100_cn519b -
hp officejet_4650_f1h96a -
hp 5660_f8b04a -
hp deskjet_ink_advantage_5575_g0v48b -
hp envy_120_cz022a -
hp envy_4502_a9t85a -
w1.fi hostapd *
hp deskjet_ink_advantage_4535_f0v64c -
hp hp_envy_4528_k9t08b -
hp envy_5534 -
hp officejet_4656_k9v81b -
cisco wap351 -
hp 5030_m2u92b -
epson xp-320 -
hp envy_100_cn517c -
hp envy_4500_a9t80a -
hp 5030_z4a70a -
hp envy_110_cq812c -
hp envy_5543_n9u88a -
epson xp-630 -
hp deskjet_ink_advantage_3545_a9t81a -
hp officejet_4652_f1j02a -
hp envy_5000_z4a74a -
hp envy_5546_k7c90a -
hp envy_5547_j6u64a -
hp envy_110_cq809c -
epson xp-340 -
hp envy_5643_b9s63a -
hp hp_deskjet_ink_advantage_4538_f0v66b -
hp officejet_4655_k9v79a -
hp deskjet_ink_advantage_4535_f0v64b -
hp hp_envy_4513_k9h51a -
hp hp_envy_4524_k9t01a -
hp deskjet_ink_advantage_3545_a9t81c -
hp hp_officejet_4654_f1j07b -
hp envy_4500_a9t80b -
dlink dvg-n5412sp -
hp deskjet_ink_advantage_3546_a9t82a -
hp envy_4509_d3p94b -
hp hp_officejet_4652_f1j02a -
hp envy_5646_f8b05a -
hp envy_4520_f0v69a -
hp envy_4504_c8d04a -
hp envy_photo_6222_y0k13d -
hp hp_officejet_4652_f1j05b -
hp envy_4507_e6g70b -
ruckussecurity zonedirector_1200 -
hp envy_5536 -
hp envy_photo_7164_k7g99a -
hp hp_envy_4516_k9h52a -
zyxel vmg8324-b10a -
hp deskjet_ink_advantage_4676_f1h98a -
hp envy_114_cq812a -
hp envy_4503_e6g71b -
hp officejet_4654_f1j06b -
hp envy_5540_f2e72a -
zyxel amg1202-t10b -
hp envy_4513_k9h51a -
epson xp-970 -
hp officejet_4650_f1h96b -
hp envy_6020_5se16b -
cisco wap131 -
hp officejet_4658_v6d30b -
hp envy_6020_5se17a -
hp envy_6020_7cz37a -
microsoft windows_10 -
hp hp_envy_4525_k9t09b -
hp envy_5640_b9s58a -
hp envy_6052_5se18a -
hp envy_4501_c8d05a -
hp envy_6540_b9s59a -
canonical ubuntu_linux 20.04
hp envy_4500_d3p93a -
canon selphy_cp1200 -
hp deskjet_ink_advantage_4536_f0v65a -
hp hp_envy_4520_e6g67b -
hp envy_5535 -
epson xp-620 -
hp envy_pro_6452_5se47a -
hp envy_photo_6200_k7g18a -
ui unifi_controller -
hp envy_120_cz022c -
hp envy_4500_a9t89a -
hp envy_photo_6222_y0k14d -
hp envy_5000_z4a54a -
hp envy_4509_d3p94a -
hp envy_4524_k9t01a -
hp envy_5640_b9s56a -
hp officejet_4654_f1j07b -
hp envy_4505_a9t86a -
hp hp_deskjet_ink_advantage_4536_f0v65a -
microsoft xbox_one 10.0.19041.2494
hp envy_4524_f0v72b -
hp envy_5544_k7c93a -
hp hp_officejet_4654_f1j06b -
hp hp_deskjet_ink_advantage_4678_f1h99b -
cisco wap150 -
epson xp-8500 -
hp envy_114_cq811a -
hp hp_deskjet_ink_advantage_4675_f1h97c -
hp envy_5542_k7c88a -
hp deskjet_ink_advantage_4675_f1h97b -
hp envy_photo_6200_y0k13d_ -
hp envy_5530 -
hp envy_7645_e4w44a -
hp deskjet_ink_advantage_4675_f1h97c -
hp deskjet_ink_advantage_4518 -
hp envy_5545_g0v50a -
hp hp_envy_4520_f0v63b -
hp envy_4526_k9t05b -
hp envy_pro_6420_6wd14a -
hp hp_envy_4511_k9h50a -
hp envy_photo_6200_y0k15a -
epson ew-m970a3t -
epson xp-2101 -
hp envy_photo_6220_k7g20d -
hp envy_5000_m2u85a -
hp envy_5548_k7g87a -
hp hp_officejet_4652_k9v84b -
hp deskjet_ink_advantage_4538_f0v66b -
hp hp_deskjet_ink_advantage_4675_f1h97a -
hp envy_5540_g0v51a -
hp envy_photo_7830_y0g50b -
dell b1165nfw -
epson xp-702 -
hp deskjet_ink_advantage_4535_f0v64a -
hp officejet_4650_e6g87a -
broadcom adsl -
hp hp_officejet_4655_k9v82b -
hp envy_photo_7822_y0g43d -
nec wr8165n -
hp envy_photo_7800_k7s10d -
epson xp-100 -
hp envy_pro_6420_5se45b -
fedoraproject fedora 31
tp-link archer_c50 -
hp envy_pro_6420_5se46a -
hp envy_photo_7800_k7r96a -
hp envy_110_cq809d -
hp envy_5532 -
hp hp_envy_4522_f0v67a -
epson xp-2105 -
hp hp_officejet_4656_k9v81b -
hp envy_7644_e4w46a -
hp hp_envy_4523_j6u60b -
hp envy_photo_6220_k7g21b -
hp envy_photo_7100_z3m37a -
hp hp_envy_4526_k9t05b -
hp hp_deskjet_ink_advantage_4675_f1h97b -
hp envy_photo_6252_k7g22a -
hp 5034_z4a74a -
hp envy_5540_g0v47a -
hp envy_4525_k9t09b -
epson xp-960 -
hp hp_envy_4520_e6g67a -
hp hp_deskjet_ink_advantage_4535_f0v64b -
hp officejet_4652_f1j05b -
hp envy_5665_f8b06a -
hp envy_photo_7100_k7g93a -
hp envy_4520_f0v63a -
hp envy_5020_m2u91b -
hp envy_4520_e6g67b -
hp envy_5644_b9s65a -
hp officejet_4657_v6d29b -
hp envy_photo_7800_y0g42d -
hp hp_envy_4527_j6u61b -
hp envy_photo_6232_k7g26b -
hp hp_deskjet_ink_advantage_4535_f0v64c -
hp hp_officejet_4650_f1h96b -
hp envy_photo_6234_k7s21b -
hp envy_4523_j6u60b -
hp hp_officejet_4650_f1h96a -
hp envy_5539 -
hp envy_pro_6455_5se45a -
huawei hg255s -
hp envy_100_cn518a -
hp envy_100_cn517b -
hp envy_5000_m2u91a -
hp envy_4521_k9t10b -
hp envy_4516_k9h52a -
hp envy_5541_k7g89a -
epson xp-8600 -
hp hp_envy_4521_k9t10b -
zte zxv10_w300 -
hp envy_photo_7800_k7s00a -
epson xp-440 -
hp envy_6055_5se16a -
hp hp_deskjet_ink_advantage_4676_f1h98a -
hp envy_photo_6200_k7s21b -
epson xp-4100 -
hp envy_5540_k7c85a -
epson xp-241 -
hp envy_114_cq811b -
hp deskjet_ink_advantage_3456_a9t84c -
hp envy_110_cq809a -
hp envy_7640 -
debian debian_linux 10.0
hp envy_4522_f0v67a -
hp envy_4508_e6g72b -
hp envy_photo_7800_y0g52b -
hp envy_4520_f0v63b -
huawei hg532e -
hp hp_officejet_4650_e6g87a -
hp envy_photo_7100_z3m52a -
hp 5020_z4a69a -
hp hp_envy_4520_f0v63a -
hp officejet_4655_k9v82b -
hp envy_4511_k9h50a -
hp hp_deskjet_ink_advantage_4535_f0v64a -
hp envy_4504_a9t88b -
hp deskjet_ink_advantage_4515 -
hp envy_5000_m2u91a *
hp envy_100_cn517a -
hp envy_5000_m2u94b -
hp envy_5642_b9s64a -
hp envy_4524_f0v71b -
hp envy_photo_7822_y0g42d -
hp envy_5664_f8b08a -
hp envy_120_cz022b -
hp envy_4512_k9h49a -
hp hp_envy_4520_f0v69a -
hp envy_5531 -
hp envy_5540_g0v52a -
hp envy_5000_m2u85b -
hp envy_photo_6200_k7g26b -
epson xp-4105 -
hp deskjet_ink_advantage_4675_f1h97a -
netgear wnhde111 -
hp envy_photo_7155_z3m52a -
hp deskjet_ink_advantage_3548_a9t81b -
hp envy_4527_j6u61b -
epson xp-330 -
hp envy_100_cn519a -
hp envy_110_cq809b -
hp officejet_4652_k9v84b -
hp envy_4520_e6g67a -
hp envy_111_cq810a -
hp envy_photo_7100_k7g99a -
hp envy_photo_6230_k7g25b -
hp officejet_4655_f1j00a -
hp deskjet_ink_advantage_4678_f1h99b -
fedoraproject fedora 32
epson m571t -
hp hp_officejet_4658_v6d30b -
hp hp_envy_4512_k9h49a -
hp envy_4528_k9t08b -
hp hp_officejet_4655_k9v79a -
hp deskjet_ink_advantage_5575_g0v48c -
hp envy_5544_k7c89a -
hp envy_5540_g0v53a -
hp hp_officejet_4655_f1j00a -
hp envy_4502_a9t87b -
CVE-2020-16849 MEDIUM

An issue was discovered on Canon MF237w 06.07 devices. An "Improper Handling of Length Parameter Inconsistency" issue in the IPv4/ICMPv4 component, when handling a packet sent by an unauthenticated network attacker, may expose Sensitive Information.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
canon lbp162dw_firmware -
canon mf229dw_firmware -
canon mf4870dn_firmware -
canon mf216n_firmware -
canon lbp113w_firmware -
canon mf269dw_firmware -
canon mf4890dw_firmware -
canon ir2204f_firmware -
canon ir2206if_firmware -
canon mf231_firmware -
canon ir2202n_firmware -
canon mf4780w_firmware -
canon mf217w_firmware -
canon mf232w_firmware -
canon mf244dw_firmware -
canon mf113w_firmware -
canon ir2206n_firmware -
canon mf267dw_firmware -
canon mf264dw_firmware -
canon ir2204n_firmware -
canon mf249dw_firmware -
canon mf4570dn_firmware -
canon mf4580dn_firmware -
canon lbp151dw_firmware -
canon mf237w_firmware 06.07
canon mf247dw_firmware -
canon mf226dn_firmware -
canon mf212w_firmware -
CVE-2020-26508 MEDIUM

The WebTools component on Canon Oce ColorWave 3500 5.1.1.0 devices allows attackers to retrieve stored SMB credentials via the export feature, even though these are intentionally inaccessible in the UI.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-522,

Products Affected

Vendor Product Version
canon oce_colorwave_3500_firmware 5.1.1.0
CVE-2021-20877 LOW

Cross-site scripting vulnerability in Canon laser printers and small office multifunctional printers (LBP162L/LBP162, MF4890dw, MF269dw/MF265dw/MF264dw/MF262dw, MF249dw/MF245dw/MF244dw/MF242dw/MF232w, and MF229dw/MF224dw/MF222dw sold in Japan, imageCLASS MF Series (MF113W/MF212W/MF217W/MF227DW/MF229DW, MF232W/MF244DW/MF247DW/MF249DW, MF264DW/MF267DW/MF269DW/MF269DW VP, and MF4570DN/MF4570DW/MF4770N/MF4880DW/MF4890DW) and imageCLASS LBP Series (LBP113W/LBP151DW/LBP162DW ) sold in the US, and iSENSYS (LBP162DW, LBP113W, LBP151DW, MF269dw, MF267dw, MF264dw, MF113w, MF249dw, MF247dw, MF244dw, MF237w, MF232w, MF229dw, MF217w, MF212w, MF4780w, and MF4890dw) and imageRUNNER (2206IF, 2204N, and 2204F) sold in Europe) allows remote attackers to inject an arbitrary script via unspecified vectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
canon mf113w -
canon mf222dw -
canon lbp162 -
canon mf249dw -
canon mf264dw -
canon mf217w -
canon lbp162dw -
canon mf4780w -
canon mf242dw -
canon mf4570dw -
canon mf229dw -
canon mf4890dw -
canon mf269dw_vp -
canon mf269dw -
canon mf4770n -
canon mf212w -
canon mf247dw -
canon mf267dw -
canon 2204f -
canon mf265dw -
canon lbp151dw -
canon mf262dw -
canon mf244dw -
canon lbp113w -
canon mf232w -
canon mf224dw -
canon mf4880dw -
canon 2204n -
canon lbp162l -
canon mf245dw -
canon 2206if -
canon mf227dw -
canon mf237w -
canon mf4570dn -
CVE-2021-38085 HIGH

The Canon TR150 print driver through 3.71.2.10 is vulnerable to a privilege escalation issue. During the add printer process, a local attacker can overwrite CNMurGE.dll and, if timed properly, the overwritten DLL will be loaded into a SYSTEM process resulting in escalation of privileges. This occurs because the driver drops a world-writable DLL into a CanonBJ %PROGRAMDATA% location that gets loaded by printisolationhost (a system process).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-732,

Products Affected

Vendor Product Version
canon pixma_tr150_firmware *
CVE-2021-38154 MEDIUM

Certain Canon devices manufactured in 2012 through 2020 (such as imageRUNNER ADVANCE iR-ADV C5250), when Catwalk Server is enabled for HTTP access, allow remote attackers to modify an e-mail address setting, and thus cause the device to send sensitive information through e-mail to the attacker. For example, an incoming FAX may be sent through e-mail to the attacker. This occurs when a PIN is not required for General User Mode, as exploited in the wild in August 2021.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-732,

Products Affected

Vendor Product Version
canon - *
CVE-2021-39367 MEDIUM

Canon Oce Print Exec Workgroup 1.3.2 allows Host header injection.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-116,

Products Affected

Vendor Product Version
canon oce_print_exec_workgroup 1.3.2
CVE-2021-39368 MEDIUM

Canon Oce Print Exec Workgroup 1.3.2 allows XSS via the lang parameter.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
canon oce_print_exec_workgroup 1.3.2
CVE-2021-43471 HIGH

In Canon LBP223 printers, the System Manager Mode login does not require an account password or PIN. An attacker can remotely shut down the device after entering the background, creating a denial of service vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: HIGH

Problem Type: CWE-521,

Products Affected

Vendor Product Version
canon lbp223dw_firmware -
CVE-2022-24672

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Canon imageCLASS MF644Cdw 10.02 printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the CADM service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-15802.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
canon lbp1238_ii_firmware -
canon mf1238_ii_firmware -
canon mf6160dw_firmware -
canon ir1435i_firmware -
canon mf525dw_firmware -
canon lbp623cdw_firmware -
canon lbp654cdw_firmware -
canon mf735cdw_firmware -
canon lbp215dw_firmware -
canon d1650_firmware -
canon mf426dw_firmware -
canon ir1643if_firmware -
canon d1620_firmware -
canon mf641cw_firmware -
canon mf746cdw_firmware -
canon mf733cdw_firmware -
canon d1550_firmware -
canon 1435p+_firmware -
canon mf729cdw_firmware -
canon lbp251dw_firmware -
canon mf416dw_firmware -
canon mf448dw_firmware -
canon mf515dw_firmware -
canon mf726cdw_firmware -
canon mf743cdw_firmware -
canon lbp622cdw_firmware -
canon wg7250f_firmware -
canon mf1238_firmware -
canon 1435i+_firmware -
canon mf414dw_firmware -
canon mf731cdw_firmware -
canon mf1127c_firmware -
canon mf642cdw_firmware -
canon lbp228dw_firmware -
canon mf8580cdw_firmware -
canon mf1643if_ii_firmware -
canon 1435p_firmware -
canon mf810cdn_firmware -
canon wg7240_firmware -
canon mf6180dw_firmware -
canon mf451dw_firmware -
canon mf424dw_firmware -
canon mf624cdw_firmware -
canon mf445dw_firmware -
canon mf455dw_firmware -
canon mf1643i_ii_firmware -
canon 1435if+_firmware -
canon d1520_firmware -
canon mf419dw_firmware -
canon mf8280cw_firmware -
canon lbp253dw_firmware -
canon mf634cdw_firmware -
canon 1435if_firmware -
canon mf628cdw_firmware -
canon lbp1238_firmware -
canon lbp664cdw_firmware -
canon lbp1127c_firmware -
canon mf745cdw_firmware -
canon lbp612cdw_firmware -
canon lbp227dw_firmware -
canon lbp226dw_firmware -
canon mf453dw_firmware -
canon mf644cdw_firmware -
canon lbp237dw_firmware -
canon mf543dw_firmware -
canon wg7250z_firmware -
canon mf632cdw_firmware -
canon mf452dw_firmware -
canon ir1643i_firmware -
canon wg7250_firmware -
canon mf429dw_firmware -
canon mf449dw_firmware -
canon mf820cdn_firmware -
canon mf741cdw_firmware -
canon lbp236dw_firmware -
canon lbp214dw_firmware -
CVE-2022-24673

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Canon imageCLASS MF644Cdw 10.02 printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the SLP protocol. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15845.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
canon lbp1238_ii_firmware -
canon mf1238_ii_firmware -
canon mf6160dw_firmware -
canon ir1435i_firmware -
canon mf525dw_firmware -
canon lbp623cdw_firmware -
canon lbp654cdw_firmware -
canon mf735cdw_firmware -
canon lbp215dw_firmware -
canon d1650_firmware -
canon mf426dw_firmware -
canon ir1643if_firmware -
canon d1620_firmware -
canon mf641cw_firmware -
canon mf746cdw_firmware -
canon mf733cdw_firmware -
canon d1550_firmware -
canon 1435p+_firmware -
canon mf729cdw_firmware -
canon lbp251dw_firmware -
canon mf416dw_firmware -
canon mf448dw_firmware -
canon mf515dw_firmware -
canon mf726cdw_firmware -
canon mf743cdw_firmware -
canon lbp622cdw_firmware -
canon wg7250f_firmware -
canon mf1238_firmware -
canon 1435i+_firmware -
canon mf414dw_firmware -
canon mf731cdw_firmware -
canon mf1127c_firmware -
canon mf642cdw_firmware -
canon lbp228dw_firmware -
canon mf8580cdw_firmware -
canon mf1643if_ii_firmware -
canon 1435p_firmware -
canon mf810cdn_firmware -
canon wg7240_firmware -
canon mf6180dw_firmware -
canon mf451dw_firmware -
canon mf424dw_firmware -
canon mf624cdw_firmware -
canon mf445dw_firmware -
canon mf455dw_firmware -
canon mf1643i_ii_firmware -
canon 1435if+_firmware -
canon d1520_firmware -
canon mf419dw_firmware -
canon mf8280cw_firmware -
canon lbp253dw_firmware -
canon mf634cdw_firmware -
canon 1435if_firmware -
canon mf628cdw_firmware -
canon lbp1238_firmware -
canon lbp664cdw_firmware -
canon lbp1127c_firmware -
canon mf745cdw_firmware -
canon lbp612cdw_firmware -
canon lbp227dw_firmware -
canon lbp226dw_firmware -
canon mf453dw_firmware -
canon mf644cdw_firmware -
canon lbp237dw_firmware -
canon mf543dw_firmware -
canon wg7250z_firmware -
canon mf632cdw_firmware -
canon mf452dw_firmware -
canon ir1643i_firmware -
canon wg7250_firmware -
canon mf429dw_firmware -
canon mf449dw_firmware -
canon mf820cdn_firmware -
canon mf741cdw_firmware -
canon lbp236dw_firmware -
canon lbp214dw_firmware -
CVE-2022-24674

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Canon imageCLASS MF644Cdw 10.02 printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the privet API. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15834.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
canon lbp1238_ii_firmware -
canon mf1238_ii_firmware -
canon mf6160dw_firmware -
canon ir1435i_firmware -
canon mf525dw_firmware -
canon lbp623cdw_firmware -
canon lbp654cdw_firmware -
canon mf735cdw_firmware -
canon lbp215dw_firmware -
canon d1650_firmware -
canon mf426dw_firmware -
canon ir1643if_firmware -
canon d1620_firmware -
canon mf641cw_firmware -
canon mf746cdw_firmware -
canon mf733cdw_firmware -
canon d1550_firmware -
canon 1435p+_firmware -
canon mf729cdw_firmware -
canon lbp251dw_firmware -
canon mf416dw_firmware -
canon mf448dw_firmware -
canon mf515dw_firmware -
canon mf726cdw_firmware -
canon mf743cdw_firmware -
canon lbp622cdw_firmware -
canon wg7250f_firmware -
canon mf1238_firmware -
canon 1435i+_firmware -
canon mf414dw_firmware -
canon mf731cdw_firmware -
canon mf1127c_firmware -
canon mf642cdw_firmware -
canon lbp228dw_firmware -
canon mf8580cdw_firmware -
canon mf1643if_ii_firmware -
canon 1435p_firmware -
canon mf810cdn_firmware -
canon wg7240_firmware -
canon mf6180dw_firmware -
canon mf451dw_firmware -
canon mf424dw_firmware -
canon mf624cdw_firmware -
canon mf445dw_firmware -
canon mf455dw_firmware -
canon mf1643i_ii_firmware -
canon 1435if+_firmware -
canon d1520_firmware -
canon mf419dw_firmware -
canon mf8280cw_firmware -
canon lbp253dw_firmware -
canon mf634cdw_firmware -
canon 1435if_firmware -
canon mf628cdw_firmware -
canon lbp1238_firmware -
canon lbp664cdw_firmware -
canon lbp1127c_firmware -
canon mf745cdw_firmware -
canon lbp612cdw_firmware -
canon lbp227dw_firmware -
canon lbp226dw_firmware -
canon mf453dw_firmware -
canon mf644cdw_firmware -
canon lbp237dw_firmware -
canon mf543dw_firmware -
canon wg7250z_firmware -
canon mf632cdw_firmware -
canon mf452dw_firmware -
canon ir1643i_firmware -
canon wg7250_firmware -
canon mf429dw_firmware -
canon mf449dw_firmware -
canon mf820cdn_firmware -
canon mf741cdw_firmware -
canon lbp236dw_firmware -
canon lbp214dw_firmware -
CVE-2022-26111 HIGH

The BeanShell components of IRISNext through 9.8.28 allow execution of arbitrary commands on the target server by creating a custom search (or editing an existing/predefined search) of the documents. The search components permit adding BeanShell expressions that result in Remote Code Execution in the context of the IRISNext application user, running on the web server.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-917,

Products Affected

Vendor Product Version
canon irisnext *
CVE-2022-26320 MEDIUM

The Rambus SafeZone Basic Crypto Module before 10.4.0, as used in certain Fujifilm (formerly Fuji Xerox) devices before 2022-03-01, Canon imagePROGRAF and imageRUNNER devices through 2022-03-14, and potentially many other devices, generates RSA keys that can be broken with Fermat's factorization method. This allows efficient calculation of private RSA keys from the public key of a TLS certificate.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 3.9 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-330,

Products Affected

Vendor Product Version
fujifilm apeosport_c2560_firmware *
fujifilm docuprint_3208_d_firmware *
fujifilm apeosport_c5570_g_firmware *
fujifilm docucentre-vii_c2273_firmware *
fujifilm apeos_c6570_firmware *
fujifilm apeosport_2560_firmware *
fujifilm apeos_c5570_g_firmware *
fujifilm apeosport-vii_c5588_firmware *
fujifilm apeosport_c2060_g_firmware *
fujifilm apeos_c3570_g_firmware *
fujifilm apeosport_c5570_firmware *
fujifilm docuprint_4408_d_firmware *
fujifilm apeosport_3060_g_firmware *
fujifilm apeosport_c7070_g_firmware *
fujifilm apeosport_3560_firmware *
fujifilm docuprint_c3555_d_firmware *
fujifilm apeosport_c3060_firmware *
fujifilm apeosport-vii_c2273_firmware *
fujifilm docucentre-vii_c7773_firmware *
fujifilm primelink_c9065_firmware *
fujifilm apeosport_print_c5570_firmware *
fujifilm apeosport-vii_c7788_firmware *
fujifilm apeos_c7070_firmware *
fujifilm docucentre-vii_c6688_firmware *
fujifilm apeosport_c7070_firmware *
fujifilm apeos_c4570_g_firmware *
fujifilm apeosport-vii_c5573_firmware *
fujifilm apeosport_c2560_g_firmware *
fujifilm apeosport-vii_c4473_firmware *
fujifilm apeosport-vii_c3373_firmware *
fujifilm apeosport_c3570_firmware *
fujifilm apeosport_c6570_g_firmware *
fujifilm apeosport-vii_5021_firmware *
fujifilm apeos_c3070_firmware *
fujifilm apeos_c325_z_firmware *
fujifilm docuprint_3205_d_firmware *
fujifilm apeos_c5570_firmware *
fujifilm apeosport_c2060_firmware *
fujifilm apeos_c6580_firmware *
fujifilm docuprint_4405_d_firmware *
fujifilm apeosport_2560_g_firmware *
fujifilm apeosport_4570_g_firmware *
fujifilm apeosport-vii_4021_firmware *
fujifilm apeosport_5570_g_firmware *
fujifilm apeosport-vii_c3372_firmware *
fujifilm apeosprint_c325_dw_firmware *
fujifilm apeosport_c4570_g_firmware *
fujifilm apeospro_c750_firmware *
fujifilm apeosport-vii_c6773_firmware *
fujifilm apeos_c3070_g_firmware *
fujifilm apeos_c325_dw_firmware *
fujifilm apeosport_3560_g_firmware *
fujifilm docucentre-vii_c6673_firmware *
fujifilm apeosport_3060_firmware *
fujifilm apeosport-vii_cp4421_firmware *
fujifilm apeosprint_c328_dw_firmware *
fujifilm apeosprint_c328_firmware *
fujifilm docucentre-vii_c3372_firmware *
fujifilm apeosport_c3070_g_firmware *
fujifilm apeos_c3570_firmware *
fujifilm apeosport_c3070_firmware *
fujifilm primelink_c9070_firmware *
fujifilm apeosport_c4570_firmware *
fujifilm apeos_c7580_firmware *
fujifilm apeosport-vii_c3321_firmware *
fujifilm apeos_c7070_g_firmware *
fujifilm apeos_c328_df_firmware *
fujifilm apeos_c328_dw_firmware *
rambus safezone_basic_crypto_module *
fujifilm apeosport-vii_c6688_firmware *
fujifilm apeos_c6570_g_firmware *
fujifilm docucentre-vii_c7788_firmware *
fujifilm apeosport-vii_c4421_firmware *
fujifilm docucentre-vii_c5588_firmware *
fujifilm apeospro_c810_firmware *
fujifilm apeosport_c3570_g_firmware *
fujifilm docuprint_3505_d_firmware *
fujifilm apeos_c4570_firmware *
fujifilm docucentre-vii_c4473_firmware *
fujifilm docucentre-vii_c3373_firmware *
fujifilm apeos_c8180_firmware *
fujifilm apeosport-vii_c7773_firmware *
fujifilm apeosport-vii_p4021_firmware *
fujifilm apeospro_c650_firmware *
canon imageprograf_firmware *
fujifilm apeosport_4570_firmware *
fujifilm apeosport_c6570_firmware *
fujifilm docuprint_c2555_d_firmware *
fujifilm docuprint_3508_d_firmware *
fujifilm docucentre-vii_c5573_firmware *
canon imagerunner_firmware *
fujifilm apeosport_5570_firmware *
CVE-2022-37461

Multiple cross-site scripting (XSS) vulnerabilities in Canon Medical Vitrea View 7.x before 7.7.6 allow remote attackers to inject arbitrary web script or HTML via (1) the input after the error subdirectory to the /vitrea-view/error/ subdirectory, or the (2) groupID, (3) offset, or (4) limit parameter to an Administrative Panel (Group and Users) page. There is a risk of an attacker retrieving patient information.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

Products Affected

Vendor Product Version
canon medical_vitrea_view *
CVE-2022-38765

Canon Medical Informatics Vitrea Vision 7.7.76.1 does not adequately enforce access controls. An authenticated user is able to gain unauthorized access to imaging records by tampering with the vitrea-view/studies/search patientId parameter.

Products Affected

Vendor Product Version
canon vitrea_view *
CVE-2022-43608

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Canon imageCLASS MF644Cdw 10.03 printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the BJNP service. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-16032.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
canon mf644cdw_firmware 10.03
CVE-2023-0851

Buffer overflow in CPCA Resource Download process of Office / Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *:Satera LBP660C Series/LBP620C Series/MF740C Series/MF640C Series firmware Ver.11.04 and earlier sold in Japan. Color imageCLASS LBP660C Series/LBP 620C Series/X LBP1127C/MF740C Series/MF640C Series/X MF1127C firmware Ver.11.04 and earlier sold in US. i-SENSYS LBP660C Series/LBP620C Series/MF740C Series/MF640C Series, C1127P, C1127iF, C1127i firmware Ver.11.04 and earlier sold in Europe.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
canon i-sensys_lbp633cdw_firmware *
canon imageprograf_tc-20m_firmware *
canon mf267dw_ii_firmware *
canon maxify_gx4020_firmware *
canon i-sensys_mf744cdw_firmware *
canon mf746cdw_firmware *
canon lbp122dw_firmware *
canon mf741cdw_firmware *
canon mf262dw_ii_firmware *
canon mf644cdw_firmware *
canon mf272dw_firmware *
canon mf264dw_ii_firmware *
canon maxify_gx3020_firmware *
canon mf743cdw_firmware *
canon mf745cdw_firmware *
canon pixma_g4270_firmware *
canon mf273dw_firmware *
canon lbp622c_firmware *
canon mf269dw_ii_firmware *
canon pixma_g3270_firmware *
canon lbp664cdw_firmware *
canon i-sensys_lbp621cw_firmware *
canon mf269dw_vp_ii_firmware *
canon lbp621c_firmware *
canon i-sensys_x_c1127if_firmware *
canon lbp662c_firmware *
canon i-sensys_lbp623cdw_firmware *
canon imageprograf_tc-20_firmware *
canon lbp622cdw_firmware *
canon lbp623cdw_firmware *
canon i-sensys_mf645cx_firmware *
canon lbp1127c_firmware *
canon i-sensys_mf746cx_firmware *
canon mf1127c_firmware *
canon i-sensys_mf742cdw_firmware *
canon lbp661c_firmware *
canon i-sensys_x_c1127i_firmware *
canon i-sensys_mf643cdw_firmware *
canon mf642cdw_firmware *
canon i-sensys_x_c1127p_firmware *
canon mf641cw_firmware *
canon lbp664c_firmware *
canon mf275dw_firmware *
canon i-sensys_lbp664cx_firmware *
canon i-sensys_mf641cw_firmware *
CVE-2023-0852

Buffer overflow in the Address Book of Mobile Device function of Office / Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *:Satera LBP660C Series/LBP620C Series/MF740C Series/MF640C Series firmware Ver.11.04 and earlier sold in Japan. Color imageCLASS LBP660C Series/LBP 620C Series/X LBP1127C/MF740C Series/MF640C Series/X MF1127C firmware Ver.11.04 and earlier sold in US. i-SENSYS LBP660C Series/LBP620C Series/MF740C Series/MF640C Series, C1127P, C1127iF, C1127i firmware Ver.11.04 and earlier sold in Europe.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
canon i-sensys_lbp633cdw_firmware *
canon imageprograf_tc-20m_firmware *
canon mf267dw_ii_firmware *
canon maxify_gx4020_firmware *
canon i-sensys_mf744cdw_firmware *
canon mf746cdw_firmware *
canon lbp122dw_firmware *
canon mf741cdw_firmware *
canon mf262dw_ii_firmware *
canon mf644cdw_firmware *
canon mf272dw_firmware *
canon mf264dw_ii_firmware *
canon maxify_gx3020_firmware *
canon mf743cdw_firmware *
canon mf745cdw_firmware *
canon pixma_g4270_firmware *
canon mf273dw_firmware *
canon lbp622c_firmware *
canon mf269dw_ii_firmware *
canon pixma_g3270_firmware *
canon lbp664cdw_firmware *
canon i-sensys_lbp621cw_firmware *
canon mf269dw_vp_ii_firmware *
canon lbp621c_firmware *
canon i-sensys_x_c1127if_firmware *
canon lbp662c_firmware *
canon i-sensys_lbp623cdw_firmware *
canon imageprograf_tc-20_firmware *
canon lbp622cdw_firmware *
canon lbp623cdw_firmware *
canon i-sensys_mf645cx_firmware *
canon lbp1127c_firmware *
canon i-sensys_mf746cx_firmware *
canon mf1127c_firmware *
canon i-sensys_mf742cdw_firmware *
canon lbp661c_firmware *
canon i-sensys_x_c1127i_firmware *
canon i-sensys_mf643cdw_firmware *
canon mf642cdw_firmware *
canon i-sensys_x_c1127p_firmware *
canon mf641cw_firmware *
canon lbp664c_firmware *
canon mf275dw_firmware *
canon i-sensys_lbp664cx_firmware *
canon i-sensys_mf641cw_firmware *
CVE-2023-0853

Buffer overflow in mDNS NSEC record registering process of Office / Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *:Satera LBP660C Series/LBP620C Series/MF740C Series/MF640C Series firmware Ver.11.04 and earlier sold in Japan. Color imageCLASS LBP660C Series/LBP 620C Series/X LBP1127C/MF740C Series/MF640C Series/X MF1127C firmware Ver.11.04 and earlier sold in US. i-SENSYS LBP660C Series/LBP620C Series/MF740C Series/MF640C Series, C1127P, C1127iF, C1127i firmware Ver.11.04 and earlier sold in Europe.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
canon i-sensys_lbp633cdw_firmware *
canon imageprograf_tc-20m_firmware *
canon mf267dw_ii_firmware *
canon maxify_gx4020_firmware *
canon i-sensys_mf744cdw_firmware *
canon mf746cdw_firmware *
canon lbp122dw_firmware *
canon mf741cdw_firmware *
canon mf262dw_ii_firmware *
canon mf644cdw_firmware *
canon mf272dw_firmware *
canon mf264dw_ii_firmware *
canon maxify_gx3020_firmware *
canon mf743cdw_firmware *
canon mf745cdw_firmware *
canon pixma_g4270_firmware *
canon mf273dw_firmware *
canon lbp622c_firmware *
canon mf269dw_ii_firmware *
canon pixma_g3270_firmware *
canon lbp664cdw_firmware *
canon i-sensys_lbp621cw_firmware *
canon mf269dw_vp_ii_firmware *
canon lbp621c_firmware *
canon i-sensys_x_c1127if_firmware *
canon lbp662c_firmware *
canon i-sensys_lbp623cdw_firmware *
canon imageprograf_tc-20_firmware *
canon lbp622cdw_firmware *
canon lbp623cdw_firmware *
canon i-sensys_mf645cx_firmware *
canon lbp1127c_firmware *
canon i-sensys_mf746cx_firmware *
canon mf1127c_firmware *
canon i-sensys_mf742cdw_firmware *
canon lbp661c_firmware *
canon i-sensys_x_c1127i_firmware *
canon i-sensys_mf643cdw_firmware *
canon mf642cdw_firmware *
canon i-sensys_x_c1127p_firmware *
canon mf641cw_firmware *
canon lbp664c_firmware *
canon mf275dw_firmware *
canon i-sensys_lbp664cx_firmware *
canon i-sensys_mf641cw_firmware *
CVE-2023-0854

Buffer overflow in NetBIOS QNAME registering and communication process of Office / Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *:Satera LBP660C Series/LBP620C Series/MF740C Series/MF640C Series firmware Ver.11.04 and earlier sold in Japan. Color imageCLASS LBP660C Series/LBP 620C Series/X LBP1127C/MF740C Series/MF640C Series/X MF1127C firmware Ver.11.04 and earlier sold in US. i-SENSYS LBP660C Series/LBP620C Series/MF740C Series/MF640C Series, C1127P, C1127iF, C1127i firmware Ver.11.04 and earlier sold in Europe.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
canon i-sensys_lbp633cdw_firmware *
canon imageprograf_tc-20m_firmware *
canon mf267dw_ii_firmware *
canon maxify_gx4020_firmware *
canon i-sensys_mf744cdw_firmware *
canon mf746cdw_firmware *
canon lbp122dw_firmware *
canon mf741cdw_firmware *
canon mf262dw_ii_firmware *
canon mf644cdw_firmware *
canon mf272dw_firmware *
canon mf264dw_ii_firmware *
canon maxify_gx3020_firmware *
canon mf743cdw_firmware *
canon mf745cdw_firmware *
canon pixma_g4270_firmware *
canon mf273dw_firmware *
canon lbp622c_firmware *
canon mf269dw_ii_firmware *
canon pixma_g3270_firmware *
canon lbp664cdw_firmware *
canon i-sensys_lbp621cw_firmware *
canon mf269dw_vp_ii_firmware *
canon lbp621c_firmware *
canon i-sensys_x_c1127if_firmware *
canon lbp662c_firmware *
canon i-sensys_lbp623cdw_firmware *
canon imageprograf_tc-20_firmware *
canon lbp622cdw_firmware *
canon lbp623cdw_firmware *
canon i-sensys_mf645cx_firmware *
canon lbp1127c_firmware *
canon i-sensys_mf746cx_firmware *
canon mf1127c_firmware *
canon i-sensys_mf742cdw_firmware *
canon lbp661c_firmware *
canon i-sensys_x_c1127i_firmware *
canon i-sensys_mf643cdw_firmware *
canon mf642cdw_firmware *
canon i-sensys_x_c1127p_firmware *
canon mf641cw_firmware *
canon lbp664c_firmware *
canon mf275dw_firmware *
canon i-sensys_lbp664cx_firmware *
canon i-sensys_mf641cw_firmware *
CVE-2023-0855

Buffer overflow in IPP number-up attribute process of Office / Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *:Satera LBP660C Series/LBP620C Series/MF740C Series/MF640C Series firmware Ver.11.04 and earlier sold in Japan. Color imageCLASS LBP660C Series/LBP 620C Series/X LBP1127C/MF740C Series/MF640C Series/X MF1127C firmware Ver.11.04 and earlier sold in US. i-SENSYS LBP660C Series/LBP620C Series/MF740C Series/MF640C Series, C1127P, C1127iF, C1127i firmware Ver.11.04 and earlier sold in Europe.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
canon i-sensys_lbp633cdw_firmware *
canon imageprograf_tc-20m_firmware *
canon mf267dw_ii_firmware *
canon maxify_gx4020_firmware *
canon i-sensys_mf744cdw_firmware *
canon mf746cdw_firmware *
canon lbp122dw_firmware *
canon mf741cdw_firmware *
canon mf262dw_ii_firmware *
canon mf644cdw_firmware *
canon mf272dw_firmware *
canon mf264dw_ii_firmware *
canon maxify_gx3020_firmware *
canon mf743cdw_firmware *
canon mf745cdw_firmware *
canon pixma_g4270_firmware *
canon mf273dw_firmware *
canon lbp622c_firmware *
canon mf269dw_ii_firmware *
canon pixma_g3270_firmware *
canon lbp664cdw_firmware *
canon i-sensys_lbp621cw_firmware *
canon mf269dw_vp_ii_firmware *
canon lbp621c_firmware *
canon i-sensys_x_c1127if_firmware *
canon lbp662c_firmware *
canon i-sensys_lbp623cdw_firmware *
canon imageprograf_tc-20_firmware *
canon lbp622cdw_firmware *
canon lbp623cdw_firmware *
canon i-sensys_mf645cx_firmware *
canon lbp1127c_firmware *
canon i-sensys_mf746cx_firmware *
canon mf1127c_firmware *
canon i-sensys_mf742cdw_firmware *
canon lbp661c_firmware *
canon i-sensys_x_c1127i_firmware *
canon i-sensys_mf643cdw_firmware *
canon mf642cdw_firmware *
canon i-sensys_x_c1127p_firmware *
canon mf641cw_firmware *
canon lbp664c_firmware *
canon mf275dw_firmware *
canon i-sensys_lbp664cx_firmware *
canon i-sensys_mf641cw_firmware *
CVE-2023-0856

Buffer overflow in IPP sides attribute process of Office / Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *:Satera LBP660C Series/LBP620C Series/MF740C Series/MF640C Series firmware Ver.11.04 and earlier sold in Japan. Color imageCLASS LBP660C Series/LBP 620C Series/X LBP1127C/MF740C Series/MF640C Series/X MF1127C firmware Ver.11.04 and earlier sold in US. i-SENSYS LBP660C Series/LBP620C Series/MF740C Series/MF640C Series, C1127P, C1127iF, C1127i firmware Ver.11.04 and earlier sold in Europe.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
canon i-sensys_lbp633cdw_firmware *
canon imageprograf_tc-20m_firmware *
canon mf267dw_ii_firmware *
canon maxify_gx4020_firmware *
canon i-sensys_mf744cdw_firmware *
canon mf746cdw_firmware *
canon lbp122dw_firmware *
canon mf741cdw_firmware *
canon mf262dw_ii_firmware *
canon mf644cdw_firmware *
canon mf272dw_firmware *
canon mf264dw_ii_firmware *
canon maxify_gx3020_firmware *
canon mf743cdw_firmware *
canon mf745cdw_firmware *
canon pixma_g4270_firmware *
canon mf273dw_firmware *
canon lbp622c_firmware *
canon mf269dw_ii_firmware *
canon pixma_g3270_firmware *
canon lbp664cdw_firmware *
canon i-sensys_lbp621cw_firmware *
canon mf269dw_vp_ii_firmware *
canon lbp621c_firmware *
canon i-sensys_x_c1127if_firmware *
canon lbp662c_firmware *
canon i-sensys_lbp623cdw_firmware *
canon imageprograf_tc-20_firmware *
canon lbp622cdw_firmware *
canon lbp623cdw_firmware *
canon i-sensys_mf645cx_firmware *
canon lbp1127c_firmware *
canon i-sensys_mf746cx_firmware *
canon mf1127c_firmware *
canon i-sensys_mf742cdw_firmware *
canon lbp661c_firmware *
canon i-sensys_x_c1127i_firmware *
canon i-sensys_mf643cdw_firmware *
canon mf642cdw_firmware *
canon i-sensys_x_c1127p_firmware *
canon mf641cw_firmware *
canon lbp664c_firmware *
canon mf275dw_firmware *
canon i-sensys_lbp664cx_firmware *
canon i-sensys_mf641cw_firmware *
CVE-2023-0857

Unintentional change of settings during initial registration of system administrators which uses control protocols. The affected Office / Small Office Multifunction Printers and Laser Printers(*) may allow an attacker on the network segment to trigger unauthorized access to the product. *:Satera LBP660C Series/LBP620C Series/MF740C Series/MF640C Series firmware Ver.11.04 and earlier sold in Japan. Color imageCLASS LBP660C Series/LBP 620C Series/X LBP1127C/MF740C Series/MF640C Series/X MF1127C firmware Ver.11.04 and earlier sold in US. i-SENSYS LBP660C Series/LBP620C Series/MF740C Series/MF640C Series, C1127P, C1127iF, C1127i firmware Ver.11.04 and earlier sold in Europe.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N 2.2 3.6

Products Affected

Vendor Product Version
canon i-sensys_lbp633cdw_firmware *
canon imageprograf_tc-20m_firmware *
canon mf267dw_ii_firmware *
canon maxify_gx4020_firmware *
canon i-sensys_mf744cdw_firmware *
canon mf746cdw_firmware *
canon lbp122dw_firmware *
canon mf741cdw_firmware *
canon mf262dw_ii_firmware *
canon mf644cdw_firmware *
canon mf272dw_firmware *
canon mf264dw_ii_firmware *
canon maxify_gx3020_firmware *
canon mf743cdw_firmware *
canon mf745cdw_firmware *
canon pixma_g4270_firmware *
canon mf273dw_firmware *
canon lbp622c_firmware *
canon mf269dw_ii_firmware *
canon pixma_g3270_firmware *
canon lbp664cdw_firmware *
canon i-sensys_lbp621cw_firmware *
canon mf269dw_vp_ii_firmware *
canon lbp621c_firmware *
canon i-sensys_x_c1127if_firmware *
canon lbp662c_firmware *
canon i-sensys_lbp623cdw_firmware *
canon imageprograf_tc-20_firmware *
canon lbp622cdw_firmware *
canon lbp623cdw_firmware *
canon i-sensys_mf645cx_firmware *
canon lbp1127c_firmware *
canon i-sensys_mf746cx_firmware *
canon mf1127c_firmware *
canon i-sensys_mf742cdw_firmware *
canon lbp661c_firmware *
canon i-sensys_x_c1127i_firmware *
canon i-sensys_mf643cdw_firmware *
canon mf642cdw_firmware *
canon i-sensys_x_c1127p_firmware *
canon mf641cw_firmware *
canon lbp664c_firmware *
canon mf275dw_firmware *
canon i-sensys_lbp664cx_firmware *
canon i-sensys_mf641cw_firmware *
CVE-2023-0858

Improper Authentication of RemoteUI of Office / Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger unauthorized access to the product. *:Satera LBP660C Series/LBP620C Series/MF740C Series/MF640C Series firmware Ver.11.04 and earlier sold in Japan. Color imageCLASS LBP660C Series/LBP 620C Series/X LBP1127C/MF740C Series/MF640C Series/X MF1127C firmware Ver.11.04 and earlier sold in US. i-SENSYS LBP660C Series/LBP620C Series/MF740C Series/MF640C Series, C1127P, C1127iF, C1127i firmware Ver.11.04 and earlier sold in Europe.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 3.1 LOW CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N 1.6 1.4

Products Affected

Vendor Product Version
canon i-sensys_lbp633cdw_firmware *
canon imageprograf_tc-20m_firmware *
canon mf267dw_ii_firmware *
canon maxify_gx4020_firmware *
canon i-sensys_mf744cdw_firmware *
canon mf746cdw_firmware *
canon lbp122dw_firmware *
canon mf741cdw_firmware *
canon mf262dw_ii_firmware *
canon mf644cdw_firmware *
canon mf272dw_firmware *
canon mf264dw_ii_firmware *
canon maxify_gx3020_firmware *
canon mf743cdw_firmware *
canon mf745cdw_firmware *
canon pixma_g4270_firmware *
canon mf273dw_firmware *
canon lbp622c_firmware *
canon mf269dw_ii_firmware *
canon pixma_g3270_firmware *
canon lbp664cdw_firmware *
canon i-sensys_lbp621cw_firmware *
canon mf269dw_vp_ii_firmware *
canon lbp621c_firmware *
canon i-sensys_x_c1127if_firmware *
canon lbp662c_firmware *
canon i-sensys_lbp623cdw_firmware *
canon imageprograf_tc-20_firmware *
canon lbp622cdw_firmware *
canon lbp623cdw_firmware *
canon i-sensys_mf645cx_firmware *
canon lbp1127c_firmware *
canon i-sensys_mf746cx_firmware *
canon mf1127c_firmware *
canon i-sensys_mf742cdw_firmware *
canon lbp661c_firmware *
canon i-sensys_x_c1127i_firmware *
canon i-sensys_mf643cdw_firmware *
canon mf642cdw_firmware *
canon i-sensys_x_c1127p_firmware *
canon mf641cw_firmware *
canon lbp664c_firmware *
canon mf275dw_firmware *
canon i-sensys_lbp664cx_firmware *
canon i-sensys_mf641cw_firmware *
CVE-2023-0859

Arbitrary Files can be installed in the Setting Data Import function of Office / Small Office Multifunction Printers and Laser Printers(*). *:Satera LBP660C Series/LBP620C Series/MF740C Series/MF640C Series firmware Ver.11.04 and earlier sold in Japan. Color imageCLASS LBP660C Series/LBP 620C Series/X LBP1127C/MF740C Series/MF640C Series/X MF1127C firmware Ver.11.04 and earlier sold in US. i-SENSYS LBP660C Series/LBP620C Series/MF740C Series/MF640C Series, C1127P, C1127iF, C1127i firmware Ver.11.04 and earlier sold in Europe.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 2.2 LOW CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N 0.7 1.4

Products Affected

Vendor Product Version
canon i-sensys_lbp633cdw_firmware *
canon imageprograf_tc-20m_firmware *
canon mf267dw_ii_firmware *
canon maxify_gx4020_firmware *
canon i-sensys_mf744cdw_firmware *
canon mf746cdw_firmware *
canon lbp122dw_firmware *
canon mf741cdw_firmware *
canon mf262dw_ii_firmware *
canon mf644cdw_firmware *
canon mf272dw_firmware *
canon mf264dw_ii_firmware *
canon maxify_gx3020_firmware *
canon mf743cdw_firmware *
canon mf745cdw_firmware *
canon pixma_g4270_firmware *
canon mf273dw_firmware *
canon lbp622c_firmware *
canon mf269dw_ii_firmware *
canon pixma_g3270_firmware *
canon lbp664cdw_firmware *
canon i-sensys_lbp621cw_firmware *
canon mf269dw_vp_ii_firmware *
canon lbp621c_firmware *
canon i-sensys_x_c1127if_firmware *
canon lbp662c_firmware *
canon i-sensys_lbp623cdw_firmware *
canon imageprograf_tc-20_firmware *
canon lbp622cdw_firmware *
canon lbp623cdw_firmware *
canon i-sensys_mf645cx_firmware *
canon lbp1127c_firmware *
canon i-sensys_mf746cx_firmware *
canon mf1127c_firmware *
canon i-sensys_mf742cdw_firmware *
canon lbp661c_firmware *
canon i-sensys_x_c1127i_firmware *
canon i-sensys_mf643cdw_firmware *
canon mf642cdw_firmware *
canon i-sensys_x_c1127p_firmware *
canon mf641cw_firmware *
canon lbp664c_firmware *
canon mf275dw_firmware *
canon i-sensys_lbp664cx_firmware *
canon i-sensys_mf641cw_firmware *
CVE-2023-1763

Canon IJ Network Tool/Ver.4.7.5 and earlier (supported OS: OS X 10.9.5-macOS 13),IJ Network Tool/Ver.4.7.3 and earlier (supported OS: OS X 10.7.5-OS X 10.8) allows an attacker to acquire sensitive information on the Wi-Fi connection setup of the printer from the software.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 6.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

Products Affected

Vendor Product Version
canon ij_network_tool *
CVE-2023-1764

Canon IJ Network Tool/Ver.4.7.5 and earlier (supported OS: OS X 10.9.5-macOS 13),IJ Network Tool/Ver.4.7.3 and earlier (supported OS: OS X 10.7.5-OS X 10.8) allows an attacker to acquire sensitive information on the Wi-Fi connection setup of the printer from the communication of the software.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 6.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

Products Affected

Vendor Product Version
canon ij_network_tool *
CVE-2023-6229

Buffer overflow in CPCA PDL Resource Download process of Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code.*: Satera LBP670C Series/Satera MF750C Series firmware v03.07 and earlier sold in Japan. Color imageCLASS LBP674C/Color imageCLASS X LBP1333C/Color imageCLASS MF750C Series/Color imageCLASS X MF1333C Series firmware v03.07 and earlier sold in US. i-SENSYS LBP673Cdw/C1333P/i-SENSYS MF750C Series/C1333i Series firmware v03.07 and earlier sold in Europe.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f98c90f0-e9bd-4fa7-911b-51993f3571fd 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
canon i-sensys_mf752cdw_firmware *
canon mf1333c_firmware *
canon mf1643i_ii_firmware *
canon i-sensys_x_c1333p_firmware *
canon mf1643if_ii_firmware *
canon mf753cdw_firmware *
canon lbp122dw_firmware *
canon lbp674cdw_firmware *
canon mf751cdw_firmware *
canon mf272dw_firmware *
canon mf455dw_firmware *
canon lbp671c_firmware *
canon lbp237dw_firmware *
canon i-sensys_x_c1333if_firmware *
canon i-sensys_mf754cdw_firmware *
canon mf1238_ii_firmware *
canon mf273dw_firmware *
canon lbp1333c_firmware *
canon mf451dw_firmware *
canon lbp672c_firmware *
canon lbp236dw_firmware *
canon i-sensys_lbp673cdw_firmware *
canon mf453dw_firmware *
canon lbp674c_firmware *
canon mf452dw_firmware *
canon lbp1238_ii_firmware *
canon i-sensys_x_c1333i_firmware *
canon mf755cdw_firmware *
canon mf275dw_firmware *
CVE-2023-6230

Buffer overflow in the Address Book password process in authentication of Mobile Device Function of Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code.*: Satera LBP670C Series/Satera MF750C Series firmware v03.07 and earlier sold in Japan. Color imageCLASS LBP674C/Color imageCLASS X LBP1333C/Color imageCLASS MF750C Series/Color imageCLASS X MF1333C Series firmware v03.07 and earlier sold in US. i-SENSYS LBP673Cdw/C1333P/i-SENSYS MF750C Series/C1333i Series firmware v03.07 and earlier sold in Europe.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f98c90f0-e9bd-4fa7-911b-51993f3571fd 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
canon i-sensys_mf752cdw_firmware *
canon mf1333c_firmware *
canon mf1643i_ii_firmware *
canon i-sensys_x_c1333p_firmware *
canon mf1643if_ii_firmware *
canon mf753cdw_firmware *
canon lbp122dw_firmware *
canon lbp674cdw_firmware *
canon mf751cdw_firmware *
canon mf272dw_firmware *
canon mf455dw_firmware *
canon lbp671c_firmware *
canon lbp237dw_firmware *
canon i-sensys_x_c1333if_firmware *
canon i-sensys_mf754cdw_firmware *
canon mf1238_ii_firmware *
canon mf273dw_firmware *
canon lbp1333c_firmware *
canon mf451dw_firmware *
canon lbp672c_firmware *
canon lbp236dw_firmware *
canon i-sensys_lbp673cdw_firmware *
canon mf453dw_firmware *
canon lbp674c_firmware *
canon mf452dw_firmware *
canon lbp1238_ii_firmware *
canon i-sensys_x_c1333i_firmware *
canon mf755cdw_firmware *
canon mf275dw_firmware *
CVE-2023-6231

Buffer overflow in WSD probe request process of Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code.*: Satera LBP670C Series/Satera MF750C Series firmware v03.07 and earlier sold in Japan. Color imageCLASS LBP674C/Color imageCLASS X LBP1333C/Color imageCLASS MF750C Series/Color imageCLASS X MF1333C Series firmware v03.07 and earlier sold in US. i-SENSYS LBP673Cdw/C1333P/i-SENSYS MF750C Series/C1333i Series firmware v03.07 and earlier sold in Europe.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f98c90f0-e9bd-4fa7-911b-51993f3571fd 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
canon i-sensys_mf752cdw_firmware *
canon mf1333c_firmware *
canon mf1643i_ii_firmware *
canon i-sensys_x_c1333p_firmware *
canon mf1643if_ii_firmware *
canon mf753cdw_firmware *
canon lbp122dw_firmware *
canon lbp674cdw_firmware *
canon mf751cdw_firmware *
canon mf272dw_firmware *
canon mf455dw_firmware *
canon lbp671c_firmware *
canon lbp237dw_firmware *
canon i-sensys_x_c1333if_firmware *
canon i-sensys_mf754cdw_firmware *
canon mf1238_ii_firmware *
canon mf273dw_firmware *
canon lbp1333c_firmware *
canon mf451dw_firmware *
canon lbp672c_firmware *
canon lbp236dw_firmware *
canon i-sensys_lbp673cdw_firmware *
canon mf453dw_firmware *
canon lbp674c_firmware *
canon mf452dw_firmware *
canon lbp1238_ii_firmware *
canon i-sensys_x_c1333i_firmware *
canon mf755cdw_firmware *
canon mf275dw_firmware *
CVE-2023-6232

Buffer overflow in the Address Book username process in authentication of Mobile Device Function of Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code.*: Satera LBP670C Series/Satera MF750C Series firmware v03.07 and earlier sold in Japan. Color imageCLASS LBP674C/Color imageCLASS X LBP1333C/Color imageCLASS MF750C Series/Color imageCLASS X MF1333C Series firmware v03.07 and earlier sold in US. i-SENSYS LBP673Cdw/C1333P/i-SENSYS MF750C Series/C1333i Series firmware v03.07 and earlier sold in Europe.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f98c90f0-e9bd-4fa7-911b-51993f3571fd 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
canon i-sensys_mf752cdw_firmware *
canon mf1333c_firmware *
canon mf1643i_ii_firmware *
canon i-sensys_x_c1333p_firmware *
canon mf1643if_ii_firmware *
canon mf753cdw_firmware *
canon lbp122dw_firmware *
canon lbp674cdw_firmware *
canon mf751cdw_firmware *
canon mf272dw_firmware *
canon mf455dw_firmware *
canon lbp671c_firmware *
canon lbp237dw_firmware *
canon i-sensys_x_c1333if_firmware *
canon i-sensys_mf754cdw_firmware *
canon mf1238_ii_firmware *
canon mf273dw_firmware *
canon lbp1333c_firmware *
canon mf451dw_firmware *
canon lbp672c_firmware *
canon lbp236dw_firmware *
canon i-sensys_lbp673cdw_firmware *
canon mf453dw_firmware *
canon lbp674c_firmware *
canon mf452dw_firmware *
canon lbp1238_ii_firmware *
canon i-sensys_x_c1333i_firmware *
canon mf755cdw_firmware *
canon mf275dw_firmware *
CVE-2023-6233

Buffer overflow in SLP attribute request process of Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code.*: Satera LBP670C Series/Satera MF750C Series firmware v03.07 and earlier sold in Japan. Color imageCLASS LBP674C/Color imageCLASS X LBP1333C/Color imageCLASS MF750C Series/Color imageCLASS X MF1333C Series firmware v03.07 and earlier sold in US. i-SENSYS LBP673Cdw/C1333P/i-SENSYS MF750C Series/C1333i Series firmware v03.07 and earlier sold in Europe.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
f98c90f0-e9bd-4fa7-911b-51993f3571fd 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
canon i-sensys_mf752cdw_firmware *
canon mf1333c_firmware *
canon mf1643i_ii_firmware *
canon i-sensys_x_c1333p_firmware *
canon mf1643if_ii_firmware *
canon mf753cdw_firmware *
canon lbp122dw_firmware *
canon lbp674cdw_firmware *
canon mf751cdw_firmware *
canon mf272dw_firmware *
canon mf455dw_firmware *
canon lbp671c_firmware *
canon lbp237dw_firmware *
canon i-sensys_x_c1333if_firmware *
canon i-sensys_mf754cdw_firmware *
canon mf1238_ii_firmware *
canon mf273dw_firmware *
canon lbp1333c_firmware *
canon mf451dw_firmware *
canon lbp672c_firmware *
canon lbp236dw_firmware *
canon i-sensys_lbp673cdw_firmware *
canon mf453dw_firmware *
canon lbp674c_firmware *
canon mf452dw_firmware *
canon lbp1238_ii_firmware *
canon i-sensys_x_c1333i_firmware *
canon mf755cdw_firmware *
canon mf275dw_firmware *
CVE-2023-6234

Buffer overflow in CPCA Color LUT Resource Download process of Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code.*: Satera LBP670C Series/Satera MF750C Series firmware v03.07 and earlier sold in Japan. Color imageCLASS LBP674C/Color imageCLASS X LBP1333C/Color imageCLASS MF750C Series/Color imageCLASS X MF1333C Series firmware v03.07 and earlier sold in US. i-SENSYS LBP673Cdw/C1333P/i-SENSYS MF750C Series/C1333i Series firmware v03.07 and earlier sold in Europe.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
f98c90f0-e9bd-4fa7-911b-51993f3571fd 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
canon i-sensys_mf752cdw_firmware *
canon mf1333c_firmware *
canon mf1643i_ii_firmware *
canon i-sensys_x_c1333p_firmware *
canon mf1643if_ii_firmware *
canon mf753cdw_firmware *
canon lbp122dw_firmware *
canon lbp674cdw_firmware *
canon mf751cdw_firmware *
canon mf272dw_firmware *
canon mf455dw_firmware *
canon lbp671c_firmware *
canon lbp237dw_firmware *
canon i-sensys_x_c1333if_firmware *
canon i-sensys_mf754cdw_firmware *
canon mf1238_ii_firmware *
canon mf273dw_firmware *
canon lbp1333c_firmware *
canon mf451dw_firmware *
canon lbp672c_firmware *
canon lbp236dw_firmware *
canon i-sensys_lbp673cdw_firmware *
canon mf453dw_firmware *
canon lbp674c_firmware *
canon mf452dw_firmware *
canon lbp1238_ii_firmware *
canon i-sensys_x_c1333i_firmware *
canon mf755cdw_firmware *
canon mf275dw_firmware *
CVE-2024-0244

Buffer overflow in CPCA PCFAX number process of Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code.*:Satera MF750C Series firmware v03.07 and earlier sold in Japan. Color imageCLASS MF750C Series/Color imageCLASS X MF1333C firmware v03.07 and earlier sold in US. i-SENSYS MF754Cdw/C1333iF firmware v03.07 and earlier sold in Europe.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f98c90f0-e9bd-4fa7-911b-51993f3571fd 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
canon mf1333c_firmware *
canon mf755cdw_firmware *
canon mf753cdw_firmware *
canon lbp1333c_firmware *
canon i-sensys_x_c1333if_firmware *
canon i-sensys_mf754cdw_firmware *
canon mf751cdw_firmware *
CVE-2024-12647

Buffer overflow in CPCA font download processing of Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *: Satera MF656Cdw/Satera MF654Cdw firmware v05.04 and earlier sold in Japan. Color imageCLASS MF656Cdw/Color imageCLASS MF654Cdw/Color imageCLASS MF653Cdw/Color imageCLASS MF652Cdw/Color imageCLASS LBP633Cdw/Color imageCLASS LBP632Cdw firmware v05.04 and earlier sold in US. i-SENSYS MF657Cdw/i-SENSYS MF655Cdw/i-SENSYS MF651Cdw/i-SENSYS LBP633Cdw/i-SENSYS LBP631Cdw firmware v05.04 and earlier sold in Europe.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f98c90f0-e9bd-4fa7-911b-51993f3571fd 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
canon mf653cdw_firmware *
canon lbp632cdw_firmware *
canon mf1643i_ii_firmware *
canon mf1643if_ii_firmware *
canon mf652cw_firmware *
canon lbp1440_firmware *
canon mf1440_firmware *
canon lbp246dw_firmware *
canon mf451dw_firmware *
canon lbp236dw_firmware *
canon mf656cdw_firmware *
canon mf453dw_firmware *
canon mf452dw_firmware *
canon mf455dw_firmware *
canon lbp1238_ii_firmware *
canon lbp633cdw_firmware *
canon mf462dw_firmware *
canon lbp237dw_firmware *
canon mf465dw_firmware *
canon lbp247dw_firmware *
canon mf1238_ii_firmware *
canon mf654cdw_firmware *
CVE-2024-12648

Buffer overflow in TIFF data EXIF tag processing of Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *: Satera MF656Cdw/Satera MF654Cdw firmware v05.04 and earlier sold in Japan. Color imageCLASS MF656Cdw/Color imageCLASS MF654Cdw/Color imageCLASS MF653Cdw/Color imageCLASS MF652Cdw/Color imageCLASS LBP633Cdw/Color imageCLASS LBP632Cdw firmware v05.04 and earlier sold in US. i-SENSYS MF657Cdw/i-SENSYS MF655Cdw/i-SENSYS MF651Cdw/i-SENSYS LBP633Cdw/i-SENSYS LBP631Cdw firmware v05.04 and earlier sold in Europe.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f98c90f0-e9bd-4fa7-911b-51993f3571fd 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
canon mf653cdw_firmware *
canon lbp632cdw_firmware *
canon mf1643i_ii_firmware *
canon mf1643if_ii_firmware *
canon mf652cw_firmware *
canon lbp1440_firmware *
canon mf1440_firmware *
canon lbp246dw_firmware *
canon mf451dw_firmware *
canon lbp236dw_firmware *
canon mf656cdw_firmware *
canon mf453dw_firmware *
canon mf452dw_firmware *
canon mf455dw_firmware *
canon lbp1238_ii_firmware *
canon lbp633cdw_firmware *
canon mf462dw_firmware *
canon lbp237dw_firmware *
canon mf465dw_firmware *
canon lbp247dw_firmware *
canon mf1238_ii_firmware *
canon mf654cdw_firmware *
CVE-2024-12649

Buffer overflow in XPS data font processing of Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *: Satera MF656Cdw/Satera MF654Cdw firmware v05.04 and earlier sold in Japan. Color imageCLASS MF656Cdw/Color imageCLASS MF654Cdw/Color imageCLASS MF653Cdw/Color imageCLASS MF652Cdw/Color imageCLASS LBP633Cdw/Color imageCLASS LBP632Cdw firmware v05.04 and earlier sold in US. i-SENSYS MF657Cdw/i-SENSYS MF655Cdw/i-SENSYS MF651Cdw/i-SENSYS LBP633Cdw/i-SENSYS LBP631Cdw firmware v05.04 and earlier sold in Europe.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f98c90f0-e9bd-4fa7-911b-51993f3571fd 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
canon mf653cdw_firmware *
canon lbp632cdw_firmware *
canon mf1643i_ii_firmware *
canon mf1643if_ii_firmware *
canon mf652cw_firmware *
canon lbp1440_firmware *
canon mf1440_firmware *
canon lbp246dw_firmware *
canon mf451dw_firmware *
canon lbp236dw_firmware *
canon mf656cdw_firmware *
canon mf453dw_firmware *
canon mf452dw_firmware *
canon mf455dw_firmware *
canon lbp1238_ii_firmware *
canon lbp633cdw_firmware *
canon mf462dw_firmware *
canon lbp237dw_firmware *
canon mf465dw_firmware *
canon lbp247dw_firmware *
canon mf1238_ii_firmware *
canon mf654cdw_firmware *
CVE-2025-14231

Buffer overflow in print job processing by WSD on Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *: Satera LBP670C Series/Satera MF750C Series firmware v06.02 and earlier sold in Japan.Color imageCLASS LBP630C/Color imageCLASS MF650C Series/imageCLASS LBP230 Series/imageCLASS X LBP1238 II/imageCLASS MF450 Series/imageCLASS X MF1238 II/imageCLASS X MF1643i II/imageCLASS X MF1643iF II firmware v06.02 and earlier sold in US.i-SENSYS LBP630C Series/i-SENSYS MF650C Series/i-SENSYS LBP230 Series/1238P II/1238Pr II/i-SENSYS MF450 Series/i-SENSYS MF550 Series/1238i II/1238iF II/imageRUNNER 1643i II/imageRUNNER 1643iF II firmware v06.02 and earlier sold in Europe.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f98c90f0-e9bd-4fa7-911b-51993f3571fd 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
canon mf653cdw_firmware *
canon lbp632cdw_firmware *
canon mf1643i_ii_firmware *
canon mf1643if_ii_firmware *
canon mf652cw_firmware *
canon mf451dw_firmware *
canon lbp236dw_firmware *
canon mf656cdw_firmware *
canon mf453dw_firmware *
canon mf452dw_firmware *
canon mf455dw_firmware *
canon lbp1238_ii_firmware *
canon lbp633cdw_firmware *
canon lbp237dw_firmware *
canon mf1238_ii_firmware *
canon mf654cdw_firmware *
CVE-2025-14232

Buffer overflow in XML processing of XPS file in Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *: Satera LBP670C Series/Satera MF750C Series firmware v06.02 and earlier sold in Japan.Color imageCLASS LBP630C/Color imageCLASS MF650C Series/imageCLASS LBP230 Series/imageCLASS X LBP1238 II/imageCLASS MF450 Series/imageCLASS X MF1238 II/imageCLASS X MF1643i II/imageCLASS X MF1643iF II firmware v06.02 and earlier sold in US.i-SENSYS LBP630C Series/i-SENSYS MF650C Series/i-SENSYS LBP230 Series/1238P II/1238Pr II/i-SENSYS MF450 Series/i-SENSYS MF550 Series/1238i II/1238iF II/imageRUNNER 1643i II/imageRUNNER 1643iF II firmware v06.02 and earlier sold in Europe.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f98c90f0-e9bd-4fa7-911b-51993f3571fd 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
canon mf653cdw_firmware *
canon lbp632cdw_firmware *
canon mf1643i_ii_firmware *
canon mf1643if_ii_firmware *
canon mf652cw_firmware *
canon mf451dw_firmware *
canon lbp236dw_firmware *
canon mf656cdw_firmware *
canon mf453dw_firmware *
canon mf452dw_firmware *
canon mf455dw_firmware *
canon lbp1238_ii_firmware *
canon lbp633cdw_firmware *
canon lbp237dw_firmware *
canon mf1238_ii_firmware *
canon mf654cdw_firmware *
CVE-2025-14233

Invalid free in CPCA file deletion processing on Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *: Satera LBP670C Series/Satera MF750C Series firmware v06.02 and earlier sold in Japan.Color imageCLASS LBP630C/Color imageCLASS MF650C Series/imageCLASS LBP230 Series/imageCLASS X LBP1238 II/imageCLASS MF450 Series/imageCLASS X MF1238 II/imageCLASS X MF1643i II/imageCLASS X MF1643iF II firmware v06.02 and earlier sold in US.i-SENSYS LBP630C Series/i-SENSYS MF650C Series/i-SENSYS LBP230 Series/1238P II/1238Pr II/i-SENSYS MF450 Series/i-SENSYS MF550 Series/1238i II/1238iF II/imageRUNNER 1643i II/imageRUNNER 1643iF II firmware v06.02 and earlier sold in Europe.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f98c90f0-e9bd-4fa7-911b-51993f3571fd 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
canon mf653cdw_firmware *
canon lbp632cdw_firmware *
canon mf1643i_ii_firmware *
canon mf1643if_ii_firmware *
canon mf652cw_firmware *
canon mf451dw_firmware *
canon lbp236dw_firmware *
canon mf656cdw_firmware *
canon mf453dw_firmware *
canon mf452dw_firmware *
canon mf455dw_firmware *
canon lbp1238_ii_firmware *
canon lbp633cdw_firmware *
canon lbp237dw_firmware *
canon mf1238_ii_firmware *
canon mf654cdw_firmware *
CVE-2025-14234

Buffer overflow in CPCA list processing on Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *: Satera LBP670C Series/Satera MF750C Series firmware v06.02 and earlier sold in Japan.Color imageCLASS LBP630C/Color imageCLASS MF650C Series/imageCLASS LBP230 Series/imageCLASS X LBP1238 II/imageCLASS MF450 Series/imageCLASS X MF1238 II/imageCLASS X MF1643i II/imageCLASS X MF1643iF II firmware v06.02 and earlier sold in US.i-SENSYS LBP630C Series/i-SENSYS MF650C Series/i-SENSYS LBP230 Series/1238P II/1238Pr II/i-SENSYS MF450 Series/i-SENSYS MF550 Series/1238i II/1238iF II/imageRUNNER 1643i II/imageRUNNER 1643iF II firmware v06.02 and earlier sold in Europe.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f98c90f0-e9bd-4fa7-911b-51993f3571fd 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
canon mf653cdw_firmware *
canon lbp632cdw_firmware *
canon mf1643i_ii_firmware *
canon mf1643if_ii_firmware *
canon mf652cw_firmware *
canon mf451dw_firmware *
canon lbp236dw_firmware *
canon mf656cdw_firmware *
canon mf453dw_firmware *
canon mf452dw_firmware *
canon mf455dw_firmware *
canon lbp1238_ii_firmware *
canon lbp633cdw_firmware *
canon lbp237dw_firmware *
canon mf1238_ii_firmware *
canon mf654cdw_firmware *
CVE-2025-14235

Buffer overflow in XPS font fpgm data processing on Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *: Satera LBP670C Series/Satera MF750C Series firmware v06.02 and earlier sold in Japan.Color imageCLASS LBP630C/Color imageCLASS MF650C Series/imageCLASS LBP230 Series/imageCLASS X LBP1238 II/imageCLASS MF450 Series/imageCLASS X MF1238 II/imageCLASS X MF1643i II/imageCLASS X MF1643iF II firmware v06.02 and earlier sold in US.i-SENSYS LBP630C Series/i-SENSYS MF650C Series/i-SENSYS LBP230 Series/1238P II/1238Pr II/i-SENSYS MF450 Series/i-SENSYS MF550 Series/1238i II/1238iF II/imageRUNNER 1643i II/imageRUNNER 1643iF II firmware v06.02 and earlier sold in Europe.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f98c90f0-e9bd-4fa7-911b-51993f3571fd 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
canon mf653cdw_firmware *
canon lbp632cdw_firmware *
canon mf1643i_ii_firmware *
canon mf1643if_ii_firmware *
canon mf652cw_firmware *
canon mf451dw_firmware *
canon lbp236dw_firmware *
canon mf656cdw_firmware *
canon mf453dw_firmware *
canon mf452dw_firmware *
canon mf455dw_firmware *
canon lbp1238_ii_firmware *
canon lbp633cdw_firmware *
canon lbp237dw_firmware *
canon mf1238_ii_firmware *
canon mf654cdw_firmware *
CVE-2025-14236

Buffer overflow in Address Book attribute tag processing on Small Office Multifunction Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *: Satera LBP670C Series/Satera MF750C Series firmware v06.02 and earlier sold in Japan.Color imageCLASS LBP630C/Color imageCLASS MF650C Series/imageCLASS LBP230 Series/imageCLASS X LBP1238 II/imageCLASS MF450 Series/imageCLASS X MF1238 II/imageCLASS X MF1643i II/imageCLASS X MF1643iF II firmware v06.02 and earlier sold in US.i-SENSYS LBP630C Series/i-SENSYS MF650C Series/i-SENSYS LBP230 Series/1238P II/1238Pr II/i-SENSYS MF450 Series/i-SENSYS MF550 Series/1238i II/1238iF II/imageRUNNER 1643i II/imageRUNNER 1643iF II firmware v06.02 and earlier sold in Europe.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f98c90f0-e9bd-4fa7-911b-51993f3571fd 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
canon mf653cdw_firmware *
canon lbp632cdw_firmware *
canon mf1643i_ii_firmware *
canon mf1643if_ii_firmware *
canon mf652cw_firmware *
canon mf451dw_firmware *
canon lbp236dw_firmware *
canon mf656cdw_firmware *
canon mf453dw_firmware *
canon mf452dw_firmware *
canon mf455dw_firmware *
canon lbp1238_ii_firmware *
canon lbp633cdw_firmware *
canon lbp237dw_firmware *
canon mf1238_ii_firmware *
canon mf654cdw_firmware *
CVE-2025-14237

Buffer overflow in XPS font parse processing on Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *: Satera LBP670C Series/Satera MF750C Series firmware v06.02 and earlier sold in Japan.Color imageCLASS LBP630C/Color imageCLASS MF650C Series/imageCLASS LBP230 Series/imageCLASS X LBP1238 II/imageCLASS MF450 Series/imageCLASS X MF1238 II/imageCLASS X MF1643i II/imageCLASS X MF1643iF II firmware v06.02 and earlier sold in US.i-SENSYS LBP630C Series/i-SENSYS MF650C Series/i-SENSYS LBP230 Series/1238P II/1238Pr II/i-SENSYS MF450 Series/i-SENSYS MF550 Series/1238i II/1238iF II/imageRUNNER 1643i II/imageRUNNER 1643iF II firmware v06.02 and earlier sold in Europe.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f98c90f0-e9bd-4fa7-911b-51993f3571fd 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
canon mf653cdw_firmware *
canon lbp632cdw_firmware *
canon mf1643i_ii_firmware *
canon mf1643if_ii_firmware *
canon mf652cw_firmware *
canon mf451dw_firmware *
canon lbp236dw_firmware *
canon mf656cdw_firmware *
canon mf453dw_firmware *
canon mf452dw_firmware *
canon mf455dw_firmware *
canon lbp1238_ii_firmware *
canon lbp633cdw_firmware *
canon lbp237dw_firmware *
canon mf1238_ii_firmware *
canon mf654cdw_firmware *
CVE-2025-2146

Buffer overflow in WebService Authentication processing of Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *: Satera MF656Cdw/Satera MF654Cdw/Satera MF551dw/Satera MF457dw firmware v05.07 and earlier sold in Japan. Color imageCLASS MF656Cdw/Color imageCLASS MF654Cdw/Color imageCLASS MF653Cdw/Color imageCLASS MF652Cdw/Color imageCLASS LBP633Cdw/Color imageCLASS LBP632Cdw/imageCLASS MF455dw/imageCLASS MF453dw/imageCLASS MF452dw/imageCLASS MF451dw/imageCLASS LBP237dw/imageCLASS LBP236dw/imageCLASS X MF1238 II/imageCLASS X MF1643i II/imageCLASS X MF1643iF II/imageCLASS X LBP1238 II firmware v05.07 and earlier sold in US. i-SENSYS MF657Cdw/i-SENSYS MF655Cdw/i-SENSYS MF651Cdw/i-SENSYS LBP633Cdw/i-SENSYS LBP631Cdw/i-SENSYS MF553dw/i-SENSYS MF552dw/i-SENSYS MF455dw/i-SENSYS MF453dw/i-SENSYS LBP236dw/i-SENSYS LBP233dw/imageRUNNER 1643iF II/imageRUNNER 1643i II/i-SENSYS X 1238iF II/i-SENSYS X 1238i II/i-SENSYS X 1238P II/i-SENSYS X 1238Pr II firmware v05.07 and earlier sold in Europe.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
f98c90f0-e9bd-4fa7-911b-51993f3571fd 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
canon i-sensys_lbp633cdw_firmware *
canon i-sensys_mf552dw_firmware *
canon satera_mf457dw_firmware *
canon i-sensys_mf453dw_firmware *
canon imageclass_mf652cdw_firmware *
canon imageclass_mf453dw_firmware *
canon imageclass_mf656cdw_firmware *
canon imageclass_lbp236dw_firmware *
canon i-sensys_x_1238i_ii_firmware *
canon imageclass_mf455dw_firmware *
canon imagerunner_1643if_ii_firmware *
canon imageclass_x_mf1643if_ii_firmware *
canon imageclass_x_lbp1238_ii_firmware *
canon imageclass_lbp633cdw_firmware *
canon i-sensys_lbp631cdw_firmware *
canon satera_mf654cdw_firmware *
canon satera_mf656cdw_firmware *
canon imageclass_mf452dw_firmware *
canon imageclass_mf654cdw_firmware *
canon imageclass_mf451dw_firmware *
canon imageclass_lbp237dw_firmware *
canon imagerunner_1643i_ii_firmware *
canon i-sensys_x_1238p_ii_firmware *
canon satera_mf551dw_firmware *
canon i-sensys_mf651cdw_firmware *
canon imageclass_lbp632cdw_firmware *
canon i-sensys_lbp236dw_firmware *
canon imageclass_mf653cdw_firmware *
canon imageclass_x_mf1643i_ii_firmware *
canon i-sensys_mf553dw_firmware *
canon i-sensys_mf657cdw_firmware *
canon i-sensys_mf655cdw_firmware *
canon imageclass_x_mf1238_ii_firmware *
canon i-sensys_mf455dw_firmware *
canon i-sensys_x_1238pr_ii_firmware *
canon i-sensys_x_1238if_ii_firmware *
canon i-sensys_lbp233dw_firmware *