CVE-2013-4613

Published: Jun 21, 2013Modified: Apr 29, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

The default configuration of the administrative interface on the Canon MG3100, MG5300, MG6100, MP495, MX340, MX870, MX890, MX920, and MX922 printers does not require authentication, which allows remote attackers to modify the configuration by visiting the Advanced page. NOTE: the vendor has apparently responded by stating "for user convenience, the default setting does not require a password. However, if a user has a particular concern about third parties accessing the user's home printer, the default setting can be changed to add a password."

Affected (9)

Products: Canon: Mg3100 Printer, Mg5300 Printer, Mg6100 Printer, Mp340 Printer, Mp495 Printer, Mx870 Printer, Mx890 Printer, Mx920 Printer, Mx922 Printer

9 products

Configuration A

9 vulnerable

Vulnerable Software	Affected Versions
Canon Mg3100 Printer	All versions
Canon Mg5300 Printer	All versions
Canon Mg6100 Printer	All versions
Canon Mp340 Printer	All versions
Canon Mp495 Printer	All versions
Canon Mx870 Printer	All versions
Canon Mx890 Printer	All versions
Canon Mx920 Printer	All versions
Canon Mx922 Printer	All versions

Related CWEs

CWE-264

References (4)

http://archives.neohapsis.com/archives/fulldisclosure/2013-06/0146.html

Source: cve@mitre.org

http://www.mattandreko.com/2013/06/canon-y-u-no-security.html

Source: cve@mitre.org

http://archives.neohapsis.com/archives/fulldisclosure/2013-06/0146.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.mattandreko.com/2013/06/canon-y-u-no-security.html

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.