CVE-2021-20877: XSS
First published: Tue Feb 08 2022(Updated: )
Cross-site scripting vulnerability in Canon laser printers and small office multifunctional printers (LBP162L/LBP162, MF4890dw, MF269dw/MF265dw/MF264dw/MF262dw, MF249dw/MF245dw/MF244dw/MF242dw/MF232w, and MF229dw/MF224dw/MF222dw sold in Japan, imageCLASS MF Series (MF113W/MF212W/MF217W/MF227DW/MF229DW, MF232W/MF244DW/MF247DW/MF249DW, MF264DW/MF267DW/MF269DW/MF269DW VP, and MF4570DN/MF4570DW/MF4770N/MF4880DW/MF4890DW) and imageCLASS LBP Series (LBP113W/LBP151DW/LBP162DW ) sold in the US, and iSENSYS (LBP162DW, LBP113W, LBP151DW, MF269dw, MF267dw, MF264dw, MF113w, MF249dw, MF247dw, MF244dw, MF237w, MF232w, MF229dw, MF217w, MF212w, MF4780w, and MF4890dw) and imageRUNNER (2206IF, 2204N, and 2204F) sold in Europe) allows remote attackers to inject an arbitrary script via unspecified vectors.
Credit: vultures@jpcert.or.jp
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Canon IR2204F Firmware | ||
| Canon ir2204n firmware | ||
| Canon imageRUNNER 2206IF | ||
| Canon LBP113W Firmware | ||
| Canon LBP151DW Firmware | ||
| Canon LBP162DW | ||
| Canon LBP162 | ||
| Canon LBP162L | ||
| Canon MF113W Firmware | ||
| Canon MF212w Firmware | ||
| Canon MF217w Firmware | ||
| Canon MF222dw | ||
| Canon MF224dw | ||
| Canon MF227DW | ||
| Canon MF229dw Firmware | ||
| Canon MF232w Firmware | ||
| Canon MF237w firmware | ||
| Canon MF242dw | ||
| Canon MF244dw Firmware | ||
| Canon MF245dw | ||
| Canon MF247DW Firmware | ||
| Canon MF249dw Firmware | ||
| Canon MF262dw | ||
| Canon MF264dw Firmware | ||
| Canon MF265dw | ||
| Canon MF267dw Firmware | ||
| Canon MF269dw VP | ||
| Canon MF269dw | ||
| Canon MF4570DN firmware | ||
| Canon MF4570DW | ||
| Canon MF4770N | ||
| Canon MF4780W Firmware | ||
| Canon MF4880DW | ||
| Canon MF4890dw Firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://cweb.canon.jp/e-support/info/211221xss.html
- https://jvn.jp/en/jp/JVN64806328/index.html
- https://jvn.jp/jp/JVN64806328/index.html
- https://www.canon-europe.com/support/product-security-latest-news/
- https://www.usa.canon.com/internet/portal/us/home/support/product-advisories/detail/Service-Notice-Canon-Laser-Printer-and-Small-Office-Multifunctional-Printer-related-to-cross-site-scripting
Frequently Asked Questions
What is the severity of CVE-2021-20877?
The severity of CVE-2021-20877 is medium with a severity value of 4.8.
Which Canon devices are affected by CVE-2021-20877?
Canon laser printers and small office multifunctional printers including models: LBP162L/LBP162, MF4890dw, MF269dw/MF265dw/MF264dw/MF262dw, MF249dw/MF245dw/MF244dw/MF242dw/MF232w, and MF229dw/MF224dw/MF222dw sold in Japan, imageCLASS MF Series (MF113W/MF212W/MF217W/MF227DW/MF229…
What is the Common Weakness Enumeration (CWE) for CVE-2021-20877?
The Common Weakness Enumeration (CWE) for CVE-2021-20877 is CWE-79 (Cross-site Scripting).
How severe is the vulnerability in Canon laser printers and small office multifunctional printers?
The vulnerability in Canon laser printers and small office multifunctional printers is considered medium severity.
Where can I find more information about CVE-2021-20877?
You can find more information about CVE-2021-20877 at the following references: [Link 1](https://cweb.canon.jp/e-support/info/211221xss.html), [Link 2](https://jvn.jp/en/jp/JVN64806328/index.html), [Link 3](https://jvn.jp/jp/JVN64806328/index.html).
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/references
- agent/author
- agent/last-modified-date
- agent/event
- agent/description
- agent/first-publish-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/canon
- canonical/canon ir2204f firmware
- canonical/canon ir2204n firmware
- canonical/canon imagerunner 2206if
- canonical/canon lbp113w firmware
- canonical/canon lbp151dw firmware
- canonical/canon lbp162dw
- canonical/canon lbp162
- canonical/canon lbp162l
- canonical/canon mf113w firmware
- canonical/canon mf212w firmware
- canonical/canon mf217w firmware
- canonical/canon mf222dw
- canonical/canon mf224dw
- canonical/canon mf227dw
- canonical/canon mf229dw firmware
- canonical/canon mf232w firmware
- canonical/canon mf237w firmware
- canonical/canon mf242dw
- canonical/canon mf244dw firmware
- canonical/canon mf245dw
- canonical/canon mf247dw firmware
- canonical/canon mf249dw firmware
- canonical/canon mf262dw
- canonical/canon mf264dw firmware
- canonical/canon mf265dw
- canonical/canon mf267dw firmware
- canonical/canon mf269dw vp
- canonical/canon mf269dw
- canonical/canon mf4570dn firmware
- canonical/canon mf4570dw
- canonical/canon mf4770n
- canonical/canon mf4780w firmware
- canonical/canon mf4880dw
- canonical/canon mf4890dw firmware