Canon PIXMA MX722 Information Disclosure

Medium Nessus Network Monitor Plugin ID 8179

Synopsis

A networked Canon PIXMA printer was detected with insecure settings.

Description

The Canon PIXMA is prone to information disclosure due to its unencrypted traffic when responding to a request from a web client. Furthermore, no authentication was detected to process this request (i.e., the admin password was not set). Any unauthenticated user on the same network would be able to sniff the network settings, including the wifi password if used.

Solution

The vendor has not issued any updates, but this vulnerability may be somewhat mitigated by setting the admin password on the Canon printer device.

See Also

http://packetstormsecurity.com/files/125930/Canon-PIXMA-MX722-Printer-Wireless-Password-Disclosure.html

http://www.usa.canon.com/cusa/support/consumer/printers_multifunction/pixma_mx_series/pixma_mx722

Plugin Details

Severity: Medium

ID: 8179

Family: IoT

Published: 2014/03/31

Modified: 2018/09/16

Dependencies: 1442

Risk Information

Risk Factor: Medium

CVSSv2

Base Score: 5

Temporal Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Temporal Vector: CVSS2#E:ND/RL:U/RC:ND

CVSSv3

Base Score: 5.3

Temporal Score: 5.3

Vector: CVSS3#AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Temporal Vector: CVSS3#E:X/RL:U/RC:X

Vulnerability Information

Vulnerability Publication Date: 2014/03/28

Reference Information

BID: 66527