Vulnerability Description
An issue was discovered on Canon LBP6650, LBP3370, LBP3460, and LBP7750C devices. It is possible to bypass the Administrator Mode authentication for /tlogin.cgi via vectors involving frame.cgi?page=DevStatus. NOTE: the vendor reportedly responded that this issue occurs when a customer keeps the default settings without using the countermeasures and best practices shown in the documentation
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Canon | Lbp3370 Firmware | - |
| Canon | Lbp3370 | - |
| Canon | Lbp3460 Firmware | - |
| Canon | Lbp3460 | - |
| Canon | Lbp7750C Firmware | - |
| Canon | Lbp7750C | - |
| Canon | Lbp6650 Firmware | - |
| Canon | Lbp6650 | - |
Related Weaknesses (CWE)
References
- https://gist.github.com/huykha/2dfbe97810e96a05e67359fd9e7cc9ffBroken LinkThird Party Advisory
- https://www.exploit-db.com/exploits/44844/Broken LinkThird Party AdvisoryVDB Entry
- https://gist.github.com/huykha/2dfbe97810e96a05e67359fd9e7cc9ffBroken LinkThird Party Advisory
- https://www.exploit-db.com/exploits/44844/Broken LinkThird Party AdvisoryVDB Entry
FAQ
What is CVE-2018-11692?
CVE-2018-11692 is a vulnerability with a CVSS score of 9.8 (CRITICAL). An issue was discovered on Canon LBP6650, LBP3370, LBP3460, and LBP7750C devices. It is possible to bypass the Administrator Mode authentication for /tlogin.cgi via vectors involving frame.cgi?page=De...
How severe is CVE-2018-11692?
CVE-2018-11692 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2018-11692?
Check the references section above for vendor advisories and patch information. Affected products include: Canon Lbp3370 Firmware, Canon Lbp3370, Canon Lbp3460 Firmware, Canon Lbp3460, Canon Lbp7750C Firmware.