QwikSec

Security Database

CVE

CWE

Training

CVE-2020-10669

Published: Mar 19, 2020

Modified: Aug 4, 2024

PUBLISHED

Description

The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 printer is vulnerable to authentication bypass on the page /home.jsp. An unauthenticated attacker able to connect to the device's web interface can get a copy of the documents uploaded by any users. NOTE: this is fixed in the latest version.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://www.redtimmy.com/red-teaming/hacking-the-oce-colorwave-printer-when-a-quick-security-assessment-determines-the-success-of-a-red-team-exercise/

x_refsource_MISC

http://packetstormsecurity.com/files/156833/Oce-Colorwave-500-CSRF-XSS-Authentication-Bypass.html

x_refsource_MISC

20200320 Oce Colorwave 500 printer - multiple vulnerabilities

mailing-list

x_refsource_FULLDISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.