First published: Tue Feb 08 2022(Updated: )
Cross-site scripting vulnerability in Canon laser printers and small office multifunctional printers (LBP162L/LBP162, MF4890dw, MF269dw/MF265dw/MF264dw/MF262dw, MF249dw/MF245dw/MF244dw/MF242dw/MF232w, and MF229dw/MF224dw/MF222dw sold in Japan, imageCLASS MF Series (MF113W/MF212W/MF217W/MF227DW/MF229DW, MF232W/MF244DW/MF247DW/MF249DW, MF264DW/MF267DW/MF269DW/MF269DW VP, and MF4570DN/MF4570DW/MF4770N/MF4880DW/MF4890DW) and imageCLASS LBP Series (LBP113W/LBP151DW/LBP162DW ) sold in the US, and iSENSYS (LBP162DW, LBP113W, LBP151DW, MF269dw, MF267dw, MF264dw, MF113w, MF249dw, MF247dw, MF244dw, MF237w, MF232w, MF229dw, MF217w, MF212w, MF4780w, and MF4890dw) and imageRUNNER (2206IF, 2204N, and 2204F) sold in Europe) allows remote attackers to inject an arbitrary script via unspecified vectors.
Credit: vultures@jpcert.or.jp
Affected Software | Affected Version | How to fix |
---|---|---|
Canon 2204f | ||
Canon 2204n | ||
Canon 2206if | ||
Canon Lbp113w | ||
Canon Lbp151dw | ||
Canon Lbp162 | ||
Canon Lbp162dw | ||
Canon Lbp162l | ||
Canon Mf113w | ||
Canon Mf212w | ||
Canon Mf217w | ||
Canon Mf222dw | ||
Canon Mf224dw | ||
Canon Mf227dw | ||
Canon Mf229dw | ||
Canon Mf232w | ||
Canon MF237w | ||
Canon Mf242dw | ||
Canon Mf244dw | ||
Canon Mf245dw | ||
Canon Mf247dw | ||
Canon Mf249dw | ||
Canon Mf262dw | ||
Canon Mf264dw | ||
Canon Mf265dw | ||
Canon Mf267dw | ||
Canon Mf269dw | ||
Canon Mf269dw Vp | ||
Canon Mf4570dn | ||
Canon Mf4570dw | ||
Canon Mf4770n | ||
Canon Mf4780w | ||
Canon Mf4880dw | ||
Canon Mf4890dw |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2021-20877 is medium with a severity value of 4.8.
Canon laser printers and small office multifunctional printers including models: LBP162L/LBP162, MF4890dw, MF269dw/MF265dw/MF264dw/MF262dw, MF249dw/MF245dw/MF244dw/MF242dw/MF232w, and MF229dw/MF224dw/MF222dw sold in Japan, imageCLASS MF Series (MF113W/MF212W/MF217W/MF227DW/MF229…
The Common Weakness Enumeration (CWE) for CVE-2021-20877 is CWE-79 (Cross-site Scripting).
The vulnerability in Canon laser printers and small office multifunctional printers is considered medium severity.
You can find more information about CVE-2021-20877 at the following references: [Link 1](https://cweb.canon.jp/e-support/info/211221xss.html), [Link 2](https://jvn.jp/en/jp/JVN64806328/index.html), [Link 3](https://jvn.jp/jp/JVN64806328/index.html).