CVE-2021-43471

Published: Dec 6, 2021Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

In Canon LBP223 printers, the System Manager Mode login does not require an account password or PIN. An attacker can remotely shut down the device after entering the background, creating a denial of service vulnerability.

Affected (1)

Products: Canon: Lbp223dw Firmware

Canon

1 product

Lbp223dw Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Canon Lbp223dw Firmware	All versions

Running on/with	Platform Versions
Canon Lbp223dw	All versions

Related CWEs

CWE-521

Weak Password Requirements

The product does not require that users should have strong passwords, which makes it easier for attackers to compromise user accounts.

References (2)

https://github.com/cxaqhq/cve-1

Source: cve@mitre.org

ExploitThird Party Advisory

https://github.com/cxaqhq/cve-1

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.