Oce Colorwave 500 CSRF / XSS / Authentication Bypass

Oce Colorwave 500 printer suffers from authentication bypass, cross site request forgery, and cross site scripting vulnerabilities.

MD5 | 51d2962185d7ad115ac770a057370202

# Exploit Title: Océ Colorwave 500 printer: Multiple vulnerabilities
# Exploit Author: Giuseppe Calì, Marco Ortisi
# Authors blog: https://www.redtimmy.com
# Vendor Homepage: https://www.canon.com
# Software Link:
# Version:
# CVE: 2020-10667, 2020-10668, 2020-10669, 2020-10670, 2020-10671

We have recently registered five CVE(s) affecting the Oce Colorwave 500

CVE-2020-10669 is an authentication bypass allowing an attacker to
documents that have been uploaded to the printer. As the documents
remain stored
in the system even after they have been printed (depending on the
configuration), a malicious insider may be able to access documents
printed in
the past.

CVE-2020-10667 is a Stored XSS on the

CVE-2020-10668 and CVE-10670 are two Reflected XSS on pages “/home.jsp”

Finally CVE-10671 is a system-wide CSRF due to the absence of any form
of nonce
or countermeasure protecting against Cross Site Request Forgery.

More details and full story here:

Related Posts