VYPR

Oce ColorWave 3500

by Canon

CVEs (6)

  • CVE-2020-26508 · Nov 16, 2020
    risk 0.00 · cvss · epss 0.01

    The WebTools component on Canon Oce ColorWave 3500 5.1.1.0 devices allows attackers to retrieve stored SMB credentials via the export feature, even though these are intentionally inaccessible in the UI.

  • CVE-2020-10669 · Mar 19, 2020
    risk 0.00 · cvss · epss 0.03

    The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 printer is vulnerable to authentication bypass on the page /home.jsp. An unauthenticated attacker able to connect to the device's web interface can get a copy of the documents uploaded by any users. NOTE: this is…

  • CVE-2020-10671 · Mar 19, 2020
    risk 0.00 · cvss · epss 0.01

    The Canon Oce Colorwave 500 4.0.0.0 printer's web application is missing any form of CSRF protections. This is a system-wide issue. An attacker could perform administrative actions by targeting a logged-in administrative user. NOTE: this is fixed in the latest version.

  • CVE-2020-10670 · Mar 19, 2020
    risk 0.00 · cvss · epss 0.01

    The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 printer is vulnerable to Reflected XSS in the parameter settingId of the settingDialogContent.jsp page. NOTE: this is fixed in the latest version.

  • CVE-2020-10668 · Mar 19, 2020
    risk 0.00 · cvss · epss 0.01

    The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 printer is vulnerable to Reflected XSS in /home.jsp. The vulnerable parameter is openSI. NOTE: this is fixed in the latest version.

  • CVE-2020-10667 · Mar 19, 2020
    risk 0.00 · cvss · epss 0.02

    The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 printer is vulnerable to Stored XSS in /TemplateManager/indexExternalLocation.jsp. The vulnerable parameter is map(template_name). NOTE: this is fixed in the latest version.