Vulnerability Details : CVE-2019-14339
The ContentProvider in the Canon PRINT jp.co.canon.bsd.ad.pixmaprint 2.5.5 application for Android does not properly restrict canon.ij.printer.capability.data data access. This allows an attacker's malicious application to obtain sensitive information including factory passwords for the administrator web interface and WPA2-PSK key.
Products affected by CVE-2019-14339
- cpe:2.3:a:canon:print:2.5.5:*:*:*:*:android:*:*
Exploit prediction scoring system (EPSS) score for CVE-2019-14339
0.09%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 39 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2019-14339
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:N |
8.6
|
2.9
|
NIST | |
5.5
|
MEDIUM | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N |
1.8
|
3.6
|
NIST |
References for CVE-2019-14339
-
http://packetstormsecurity.com/files/154266/Canon-PRINT-2.5.5-URI-Injection.html
Canon PRINT 2.5.5 URI Injection ≈ Packet StormExploit;Third Party Advisory;VDB Entry
-
https://play.google.com/store/apps/details?id=jp.co.canon.bsd.ad.pixmaprint&hl=en_US
Canon PRINT Inkjet/SELPHY - Apps on Google PlayProduct;Third Party Advisory
Jump to