Vulnerabilities > CVE-2019-14339 - Unspecified vulnerability in Canon Print 2.5.5

CVSS 5.5 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

local

low complexity

canon

exploit available

NVD

Published: 2019-09-05

Updated: 2021-07-21

Summary

The ContentProvider in the Canon PRINT jp.co.canon.bsd.ad.pixmaprint 2.5.5 application for Android does not properly restrict canon.ij.printer.capability.data data access. This allows an attacker's malicious application to obtain sensitive information including factory passwords for the administrator web interface and WPA2-PSK key.

Vulnerable Configurations

Part	Description	Count
Application	Canon Canon Print 2.5.5	1

Exploit-Db

id	EDB-ID:47321
last seen	2019-08-30
modified	2019-08-30
published	2019-08-30
reporter	Exploit-DB
source	https://www.exploit-db.com/download/47321
title	Canon PRINT 2.5.5 - Information Disclosure

Packetstorm

data source	https://packetstormsecurity.com/files/download/154266/canonprint255-inject.txt
id	PACKETSTORM:154266
last seen	2019-08-31
published	2019-08-30
reporter	0x48piraj
source	https://packetstormsecurity.com/files/154266/Canon-PRINT-2.5.5-URI-Injection.html
title	Canon PRINT 2.5.5 URI Injection

Summary

Vulnerable Configurations

Exploit-Db

Packetstorm

References