Canon LBP252 Printer

Platform Information https://www.canon.co.uk/support/consumer_products/products/printers/laser/i-sensys_lbp252dw.html?type=specifications
Search Engine Search on Google
Type Printer
End of Sales -
End of Life -
Wired Connection Yes
Wireless Connection -
Fingerprinting Source HTTP NIC VENDOR
Added at Nov 05, 2019
Manufacturer Name Canon Inc
Homepage http://global.canon/en/support/
Headquarters Japan
Business Status Ongoing


Platform’s Common Vulnerabilities and Exposures (CVE)
CVE-ID
Severity v3.0
Severity v2.0
Description
No records found.

Manufacturer’s Common Vulnerabilities and Exposures (CVE)
CVE-ID
Severity v3.0
Severity v2.0
Description
CVE-2020-10669
03/19/2020
HIGH
7.5
MEDIUM
5
The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 printer is vulnerable to authentication bypass on the page /home.jsp. An unauthenticated attacker able to connect to the device's web interface can get a copy of the documents uploaded by any users. NOTE: this is fixed in the latest version.
CVE-2020-10671
03/19/2020
HIGH
8.8
MEDIUM
6.8
The Canon Oce Colorwave 500 4.0.0.0 printer's web application is missing any form of CSRF protections. This is a system-wide issue. An attacker could perform administrative actions by targeting a logged-in administrative user. NOTE: this is fixed in the latest version.
CVE-2020-10670
03/19/2020
MEDIUM
6.1
MEDIUM
4.3
The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 printer is vulnerable to Reflected XSS in the parameter settingId of the settingDialogContent.jsp page. NOTE: this is fixed in the latest version.
CVE-2020-10668
03/19/2020
MEDIUM
6.1
MEDIUM
4.3
The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 printer is vulnerable to Reflected XSS in /home.jsp. The vulnerable parameter is openSI. NOTE: this is fixed in the latest version.
CVE-2020-10667
03/19/2020
MEDIUM
6.1
MEDIUM
4.3
The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 printer is vulnerable to Stored XSS in /TemplateManager/indexExternalLocation.jsp. The vulnerable parameter is map(template_name). NOTE: this is fixed in the latest version.



Scroll to Top

We use cookies to help improve this website and enhance your browsing experience You can change your cookie settings at any time. • Privacy • Terms