Unauthorized Retrieval of Stored SMB Credentials on Canon Oce ColorWave 3500 5.1.1.0 Devices

Unauthorized Retrieval of Stored SMB Credentials on Canon Oce ColorWave 3500 5.1.1.0 Devices

CVE-2020-26508 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

The WebTools component on Canon Oce ColorWave 3500 5.1.1.0 devices allows attackers to retrieve stored SMB credentials via the export feature, even though these are intentionally inaccessible in the UI.

Learn more about our Web App Pen Testing.