Vulnerability Description
The web application of the Canon Oce Colorwave 500 4.0.0.0 printer lacks any form of CSRF protection. This is a system-wide issue. An attacker could perform administrative actions by targeting a logged-in administrative user. NOTE: this is fixed in the latest version.
CVSS Score
8.8 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Canon | Oce Colorwave 500 Firmware | <= 4.0.0.0 |
| Canon | Oce Colorwave 500 | - |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/156833/Oce-Colorwave-500-CSRF-XSS-Authentic (Third Party Advisory, VDB Entry)
- https://www.redtimmy.com/red-teaming/hacking-the-oce-colorwave-printer-when-a-qu (Exploit, Third Party Advisory)
FAQ
What is CVE-2020-10671?
CVE-2020-10671 is a vulnerability with a CVSS score of 8.8 (HIGH). The Canon Oce Colorwave 500 4.0.0.0 printer's web application is missing any form of CSRF protections. This is a system-wide issue. An attacker could perform administrative actions by targeting a logg...
How severe is CVE-2020-10671?
CVE-2020-10671 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2020-10671?
Check the references section above for vendor advisories and patch information. Affected products include: Canon Oce Colorwave 500 Firmware, Canon Oce Colorwave 500.