LBP#### Canon Printers – Two Issues

Several Canon printers (Shodan search) seem to have a web interface that doesn’t require authentication (94418). Models tested:
LBP3560
LBP5460
LBP5960
LBP5970
LBP6650

canon-print01

From the interface you can see a list of printed documents and usernames. This information may contain a little sensitive data in the printed document name, and the usernames are helpful for other attacks:

canon-infodisc1

You can also upload any file you want to be printed without authentication (End-user Mode). This can be used for pranks or a DoS to keep the device tied up and waste ink:

canon-print02

Advertisements

Tags:

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s


%d bloggers like this: