Canon MX340/MP495/MX870/MX890/MX920/MG3100/MG5300/MG6100 Admin Interface wls_set_content.html credentials management
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 4.5 | $0-$5k | 0.00 |
Summary
A vulnerability classified as problematic was found in Canon MX340, MP495, MX870, MX890, MX920, MG3100, MG5300 and MG6100. Affected by this vulnerability is an unknown functionality of the file English/pages_MacUS/wls_set_content.html of the component Admin Interface. The manipulation as part of WPA2 Password results in credentials management. This vulnerability is known as CVE-2013-4614. Furthermore, an exploit is available. Applying restrictive firewalling is recommended.
Details
A vulnerability was found in Canon MX340, MP495, MX870, MX890, MX920, MG3100, MG5300 and MG6100. It has been classified as problematic. Affected is an unknown function of the file English/pages_MacUS/wls_set_content.html of the component Admin Interface. The manipulation as part of a WPA2 Password leads to a credentials management vulnerability. CWE is classifying the issue as CWE-255. This is going to have an impact on confidentiality, and integrity. CVE summarizes:
English/pages_MacUS/wls_set_content.html on the Canon MG3100, MG5300, MG6100, MP495, MX340, MX870, MX890, MX920, and MX922 printers shows the Wi-Fi PSK passphrase in cleartext, which allows physically proximate attackers to obtain sensitive information by reading the screen of an unattended workstation.
The weakness was published 06/18/2013 by Matt Andreko as Canon, Y U NO Security? as not defined advisory (Website). The advisory is shared for download at mattandreko.com. The public release happened without coordination with the vendor. This vulnerability is traded as CVE-2013-4614 since 06/17/2013. The attack needs to approached within the local network. The successful exploitation requires a authentication. Technical details and a public exploit are known. The MITRE ATT&CK project declares the attack technique as T1552.
A public exploit has been developed by Matt Andreko and been published immediately after the advisory. The exploit is shared for download at mattandreko.com. It is declared as highly functional. By approaching the search of inurl:English/pages_MacUS/wls_set_content.html it is possible to find vulnerable targets with Google Hacking. The vulnerability scanner Nessus provides a plugin with the ID 73376 (Canon PIXMA Printer WLAN Credential Disclosure), which helps to determine the existence of the flaw in a target environment. It is assigned to the family CGI abuses. The commercial vulnerability scanner Qualys is able to test this issue with plugin 43282 (Canon Printers Multiple Vulnerabilities).
It is possible to mitigate the weakness by firewalling .
The vulnerability is also documented in the databases at Tenable (73376), SecurityFocus (BID 60601†), OSVDB (94417†) and Vulnerability Center (SBV-40113†). Further details are available at seclists.org. Similar entries are available at VDB-9241 and VDB-9242. VulDB is the best source for vulnerability data and more expert information about this specific topic.
Product
Vendor
Name
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 4.6VulDB Meta Temp Score: 4.5
VulDB Base Score: 4.6
VulDB Temp Score: 4.5
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Credentials managementCWE: CWE-255
CAPEC: 🔍
ATT&CK: 🔍
Physical: Partially
Local: Yes
Remote: Partially
Availability: 🔍
Access: Public
Status: Highly functional
Author: Matt Andreko
Download: 🔍
Google Hack: 🔍
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 73376
Nessus Name: Canon PIXMA Printer WLAN Credential Disclosure
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
Qualys ID: 🔍
Qualys Name: 🔍
MetaSploit ID: canon_wireless.rb
MetaSploit Name: Canon Printer Wireless Configuration Disclosure
MetaSploit File: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: FirewallStatus: 🔍
0-Day Time: 🔍
Exploit Delay Time: 🔍
Timeline
06/17/2013 🔍06/18/2013 🔍
06/18/2013 🔍
06/18/2013 🔍
06/18/2013 🔍
06/21/2013 🔍
06/21/2013 🔍
06/23/2013 🔍
04/07/2014 🔍
06/20/2024 🔍
Sources
Advisory: Canon, Y U NO Security?Researcher: Matt Andreko
Status: Not defined
CVE: CVE-2013-4614 (🔍)
GCVE (CVE): GCVE-0-2013-4614
GCVE (VulDB): GCVE-100-9240
SecurityFocus: 60601 - Multiple Canon Printers CVE-2013-4614 Information Disclosure Vulnerability
OSVDB: 94417
Vulnerability Center: 40113 - Canon Wireless Printer Remote Information Disclosure Vulnerability, Medium
scip Labs: https://www.scip.ch/en/?labs.20161013
Misc.: 🔍
See also: 🔍
Entry
Created: 06/21/2013 23:33Updated: 06/20/2024 07:06
Changes: 06/21/2013 23:33 (82), 05/03/2017 16:39 (2), 05/17/2021 10:07 (3), 06/20/2024 07:06 (15)
Complete: 🔍
Cache ID: 216::103
VulDB is the best source for vulnerability data and more expert information about this specific topic.
No comments yet. Languages: en.
Please log in to comment.