CVE-2018-12048
First published: Fri Jun 08 2018(Updated: )
** DISPUTED ** A remote attacker can bypass the Management Mode on the Canon LBP7110Cw web interface without a PIN for /checkLogin.cgi via vectors involving /portal_top.html to get full access to the device. NOTE: the vendor reportedly responded that this issue occurs when a customer keeps the default settings without using the countermeasures and best practices shown in the documentation.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Canon Lbp7110cw Firmware | ||
| Canon LBP7110Cw | ||
| All of | ||
| Canon Lbp7110cw Firmware | ||
| Canon LBP7110Cw |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of this issue?
The vulnerability ID of this issue is CVE-2018-12048.
What is the severity of CVE-2018-12048?
CVE-2018-12048 has a severity rating of 9.8 (Critical).
What is the affected software?
The affected software is Canon Lbp7110cw Firmware.
How can a remote attacker exploit CVE-2018-12048?
A remote attacker can exploit CVE-2018-12048 by bypassing the Management Mode on the Canon LBP7110Cw web interface without a PIN.
Is there a fix available for CVE-2018-12048?
The vendor reportedly responded that this issue occurs when a customer keeps the default configuration, so it is recommended to change the default settings to mitigate the risk.
- collector/nvd-index
- agent/references
- agent/type
- agent/first-publish-date
- agent/severity
- agent/weakness
- agent/author
- agent/status
- agent/description
- agent/event
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- collector/mitre-cve
- source/MITRE
- status/disputed
- vendor/canon
- canonical/canon lbp7110cw firmware
- canonical/canon lbp7110cw