Severity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Lifecycle Timeline
1DescriptionNVD
The ContentProvider in the Canon PRINT jp.co.canon.bsd.ad.pixmaprint 2.5.5 application for Android does not properly restrict canon.ij.printer.capability.data data access. This allows an attacker's malicious application to obtain sensitive information including factory passwords for the administrator web interface and WPA2-PSK key.
AnalysisAI
The ContentProvider in the Canon PRINT jp.co.canon.bsd.ad.pixmaprint 2.5.5 application for Android does not properly restrict canon.ij.printer.capability.data data access. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
The ContentProvider in the Canon PRINT jp.co.canon.bsd.ad.pixmaprint 2.5.5 application for Android does not properly restrict canon.ij.printer.capability.data data access. This allows an attacker's malicious application to obtain sensitive information including factory passwords for the administrator web interface and WPA2-PSK key. Affected products include: Canon Print.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
In mapfish-print before version 3.24, a user can do to an XML External Entity (XXE) attack with the provided SDL style.
Untrusted search path vulnerability in the installers of multiple SEIKO EPSON products allows an attacker to gain privil
In mapfish-print before version 3.24, a user can use the JSONP support to do a Cross-site scripting. Rated medium severi
Cross-site scripting (XSS) vulnerability in the Printer, email and PDF versions module 6.x-1.x before 6.x-1.15 and 7.x-1
Cross-site scripting (XSS) vulnerability in the Print (aka Printer, e-mail and PDF versions) module 6.x-1.x before 6.x-1
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today