Vulnerability CVE-2019-14339


Published: 2019-09-05

Description:
The ContentProvider in the Canon PRINT jp.co.canon.bsd.ad.pixmaprint 2.5.5 application for Android does not properly restrict canon.ij.printer.capability.data data access. This allows an attacker's malicious application to obtain sensitive information including factory passwords for the administrator web interface and WPA2-PSK key.

See advisories in our WLB2 database:
Topic
Author
Date
Low
Canon PRINT 2.5.5 URI Injection
0x48piraj
01.09.2019

Type:

CWE-200

(Information Exposure)

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:N/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.3/10
2.9/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
None
None
Affected software
Canon -> Print 

 References:
http://packetstormsecurity.com/files/154266/Canon-PRINT-2.5.5-URI-Injection.html
https://play.google.com/store/apps/details?id=jp.co.canon.bsd.ad.pixmaprint&hl=en_US

Copyright 2020, cxsecurity.com

 

Back to Top