CVE-2018-11711
Last modified
CVE-2018-11711 is a vulnerability of currently unknown severity. A remote attacker can bypass the System Manager Mode on the Canon MF210 and MF220 web interface without knowing the PIN for /login.html via vectors involving /portal_top.html to get full access to the device. NOTE: the vendor reportedly responded that this issue occurs when a customer keeps the default settings without using the countermeasures and best practices shown in the documentation. EPSS estimates a 5.26% chance of exploitation in the next 30 days.
Description
A remote attacker can bypass the System Manager Mode on the Canon MF210 and MF220 web interface without knowing the PIN for /login.html via vectors involving /portal_top.html to get full access to the device. NOTE: the vendor reportedly responded that this issue occurs when a customer keeps the default settings without using the countermeasures and best practices shown in the documentation
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Canon | Mf210 Firmware | All versions |
| Canon | Mf220 Firmware | All versions |
References
- https://gist.github.com/huykha/9dbcd0e46058f1e18bab241d1b2754bdBroken Link, Third Party Advisory
- https://www.exploit-db.com/exploits/44845/Broken Link, Third Party Advisory, VDB Entry
- https://gist.github.com/huykha/9dbcd0e46058f1e18bab241d1b2754bdBroken Link, Third Party Advisory
- https://www.exploit-db.com/exploits/44845/Broken Link, Third Party Advisory, VDB Entry
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2018-11711?
How severe is CVE-2018-11711?
How do I fix CVE-2018-11711?
Are you affected by CVE-2018-11711?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST