Vulnerability Description
The default configuration of the administrative interface on the Canon MG3100, MG5300, MG6100, MP495, MX340, MX870, MX890, MX920, and MX922 printers does not require authentication, which allows remote attackers to modify the configuration by visiting the Advanced page. NOTE: the vendor has apparently responded by stating "for user convenience, the default setting does not require a password. However, if a user has a particular concern about third parties accessing the user's home printer, the default setting can be changed to add a password."
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Canon | Mg3100 Printer | - |
| Canon | Mg5300 Printer | - |
| Canon | Mg6100 Printer | - |
| Canon | Mp340 Printer | - |
| Canon | Mp495 Printer | - |
| Canon | Mx870 Printer | - |
| Canon | Mx890 Printer | - |
| Canon | Mx920 Printer | - |
| Canon | Mx922 Printer | - |
Related Weaknesses (CWE)
References
- http://archives.neohapsis.com/archives/fulldisclosure/2013-06/0146.html
- http://www.mattandreko.com/2013/06/canon-y-u-no-security.html
FAQ
What is CVE-2013-4613?
CVE-2013-4613 is a vulnerability with a CVSS score of 7.5 (HIGH). The default configuration of the administrative interface on the Canon MG3100, MG5300, MG6100, MP495, MX340, MX870, MX890, MX920, and MX922 printers does not require authentication, which allows remot...
How severe is CVE-2013-4613?
CVE-2013-4613 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2013-4613?
Check the references section above for vendor advisories and patch information. Affected products include: Canon Mg3100 Printer, Canon Mg5300 Printer, Canon Mg6100 Printer, Canon Mp340 Printer, Canon Mp495 Printer.