CVE-2018-12048
Last modified
CVE-2018-12048 is a vulnerability of currently unknown severity. A remote attacker can bypass the Management Mode on the Canon LBP7110Cw web interface without a PIN for /checkLogin.cgi via vectors involving /portal_top.html to get full access to the device. NOTE: the vendor reportedly responded that this issue occurs when a customer keeps the default settings without using the countermeasures and best practices shown in the documentation. EPSS estimates a 5.18% chance of exploitation in the next 30 days.
Description
A remote attacker can bypass the Management Mode on the Canon LBP7110Cw web interface without a PIN for /checkLogin.cgi via vectors involving /portal_top.html to get full access to the device. NOTE: the vendor reportedly responded that this issue occurs when a customer keeps the default settings without using the countermeasures and best practices shown in the documentation
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Canon | Lbp7110cw Firmware | All versions |
References
- https://gist.github.com/huykha/455e7d3b86eb6629066d921f46bfcee3Broken Link, Third Party Advisory
- https://www.exploit-db.com/exploits/44885/Broken Link, Third Party Advisory, VDB Entry
- https://gist.github.com/huykha/455e7d3b86eb6629066d921f46bfcee3Broken Link, Third Party Advisory
- https://www.exploit-db.com/exploits/44885/Broken Link, Third Party Advisory, VDB Entry
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2018-12048?
How severe is CVE-2018-12048?
How do I fix CVE-2018-12048?
Are you affected by CVE-2018-12048?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST