OpenCVE

The default configuration of the administrative interface on the Canon MG3100, MG5300, MG6100, MP495, MX340, MX870, MX890, MX920, and MX922 printers does not require authentication, which allows remote attackers to modify the configuration by visiting the Advanced page. NOTE: the vendor has apparently responded by stating "for user convenience, the default setting does not require a password. However, if a user has a particular concern about third parties accessing the user's home printer, the default setting can be changed to add a password."

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Canon	Mg3100 Printer Mg5300 Printer Mg6100 Printer Mp340 Printer Mp495 Printer Mx870 Printer Mx890 Printer Mx920 Printer Mx922 Printer

Configuration 1 [-]

OR	cpe:2.3:h:canon:mg3100_printer:-:::::::*
	cpe:2.3:h:canon:mg5300_printer:-:::::::*
	cpe:2.3:h:canon:mg6100_printer:-:::::::*
	cpe:2.3:h:canon:mp340_printer:-:::::::*
	cpe:2.3:h:canon:mp495_printer:-:::::::*
	cpe:2.3:h:canon:mx870_printer:-:::::::*
	cpe:2.3:h:canon:mx890_printer:-:::::::*
	cpe:2.3:h:canon:mx920_printer:-:::::::*
	cpe:2.3:h:canon:mx922_printer:-:::::::*

No data.

References

Link	Providers
http://archives.neohapsis.com/archives/fulldisclosure/2013-06/0146.html
http://www.mattandreko.com/2013/06/canon-y-u-no-security.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2013-06-21T21:00:00Z

Updated: 2024-09-16T17:27:45.686Z

Reserved: 2013-06-17T00:00:00Z

Link: CVE-2013-4613

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2013-06-21T21:55:01.007

Modified: 2013-06-24T22:28:45.893

Link: CVE-2013-4613

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "The default configuration of the administrative interface on the Canon MG3100, MG5300, MG6100, MP495, MX340, MX870, MX890, MX920, and MX922 printers does not require authentication, which allows remote attackers to modify the configuration by visiting the Advanced page. NOTE: the vendor has apparently responded by stating \"for user convenience, the default setting does not require a password. However, if a user has a particular concern about third parties accessing the user's home printer, the default setting can be changed to add a password.\""}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2013-06-21T21:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://www.mattandreko.com/2013/06/canon-y-u-no-security.html"}, {"name": "20130618 Canon Wireless Printer Disclosure & DoS", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2013-06/0146.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-4613", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The default configuration of the administrative interface on the Canon MG3100, MG5300, MG6100, MP495, MX340, MX870, MX890, MX920, and MX922 printers does not require authentication, which allows remote attackers to modify the configuration by visiting the Advanced page. NOTE: the vendor has apparently responded by stating \"for user convenience, the default setting does not require a password. However, if a user has a particular concern about third parties accessing the user's home printer, the default setting can be changed to add a password.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.mattandreko.com/2013/06/canon-y-u-no-security.html", "refsource": "MISC", "url": "http://www.mattandreko.com/2013/06/canon-y-u-no-security.html"}, {"name": "20130618 Canon Wireless Printer Disclosure & DoS", "refsource": "FULLDISC", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2013-06/0146.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T16:52:26.927Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.mattandreko.com/2013/06/canon-y-u-no-security.html"}, {"name": "20130618 Canon Wireless Printer Disclosure & DoS", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2013-06/0146.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-4613", "datePublished": "2013-06-21T21:00:00Z", "dateReserved": "2013-06-17T00:00:00Z", "dateUpdated": "2024-09-16T17:27:45.686Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:canon:mg3100_printer:-:*:*:*:*:*:*:*", "matchCriteriaId": "CA808CB1-E232-45A7-8913-03DDD4D967AA", "vulnerable": true}, {"criteria": "cpe:2.3:h:canon:mg5300_printer:-:*:*:*:*:*:*:*", "matchCriteriaId": "4A7BF24E-0FE5-41E6-B4AF-5CEC5ED0AB3E", "vulnerable": true}, {"criteria": "cpe:2.3:h:canon:mg6100_printer:-:*:*:*:*:*:*:*", "matchCriteriaId": "5C007C65-9187-4593-B236-025831220B8C", "vulnerable": true}, {"criteria": "cpe:2.3:h:canon:mp340_printer:-:*:*:*:*:*:*:*", "matchCriteriaId": "F038B929-787C-4350-B1A4-F2E0F12969FE", "vulnerable": true}, {"criteria": "cpe:2.3:h:canon:mp495_printer:-:*:*:*:*:*:*:*", "matchCriteriaId": "6A7687B9-537C-47CB-AA7B-DE57725B6E89", "vulnerable": true}, {"criteria": "cpe:2.3:h:canon:mx870_printer:-:*:*:*:*:*:*:*", "matchCriteriaId": "555BD45B-2B53-42BE-B76B-03205EADD821", "vulnerable": true}, {"criteria": "cpe:2.3:h:canon:mx890_printer:-:*:*:*:*:*:*:*", "matchCriteriaId": "AD762566-16C3-4391-B3C4-A0247AA082AF", "vulnerable": true}, {"criteria": "cpe:2.3:h:canon:mx920_printer:-:*:*:*:*:*:*:*", "matchCriteriaId": "C74EB1F2-29DA-4835-B2D0-AB96CB1B4FB2", "vulnerable": true}, {"criteria": "cpe:2.3:h:canon:mx922_printer:-:*:*:*:*:*:*:*", "matchCriteriaId": "08F6F82C-6EF6-40E6-A6C5-D2B4952B02FC", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The default configuration of the administrative interface on the Canon MG3100, MG5300, MG6100, MP495, MX340, MX870, MX890, MX920, and MX922 printers does not require authentication, which allows remote attackers to modify the configuration by visiting the Advanced page. NOTE: the vendor has apparently responded by stating \"for user convenience, the default setting does not require a password. However, if a user has a particular concern about third parties accessing the user's home printer, the default setting can be changed to add a password.\""}, {"lang": "es", "value": "La configuraci\u00f3n por defecto de la interfaz de administraci\u00f3n en las impresoras Canon MG3100, MG5300, MG6100, MP495, MX340, MX870, MX890, MX920 y MX922 no requiere autenticaci\u00f3n, lo que permite a atacantes remotos modificar la configuraci\u00f3n visitando la p\u00e1gina de opciones avanzadas. NOTA: el vendedor al parecer ha respondido afirmando que \"para mayor comodidad del usuario, la configuraci\u00f3n por defecto no requiere una contrase\u00f1a. Sin embargo, un usuario puede cambiar la configuraci\u00f3n por defecto y a\u00f1adir una contrase\u00f1a \"."}], "id": "CVE-2013-4613", "lastModified": "2013-06-24T22:28:45.893", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-06-21T21:55:01.007", "references": [{"source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2013-06/0146.html"}, {"source": "cve@mitre.org", "url": "http://www.mattandreko.com/2013/06/canon-y-u-no-security.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}