Authentication Bypass Vulnerability in Canon Oce Colorwave 500 Printer

Authentication Bypass Vulnerability in Canon Oce Colorwave 500 Printer

CVE-2020-10669 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 printer is vulnerable to authentication bypass on the page /home.jsp. An unauthenticated attacker able to connect to the device's web interface can get a copy of the documents uploaded by any users. NOTE: this is fixed in the latest version.

Learn more about our Web App Pen Testing.