[Japanese]

JVNDB-2006-000737

NEC MultiWriter 1700C/7500C FTP server vulnerability

Overview

NEC printers contain a vulnerability which allow connection to external FTP servers via the printer's internal FTP server. Although the printer's FTP server can connect to a target FTP server, it cannot send files to a target FTP server.
CVSS Severity (What is CVSS?)

CVSS V2 Severity:
Base Metrics 5.0 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Low
  • Authentication: None
  • Confidentiality Impact: None
  • Integrity Impact: Partial
  • Availability Impact: None
Affected Products


NEC Corporation
  • NEC ColorMultiWriter 7500C (model number: PR-L7500C)
  • NEC MultiWriter 1700C (model number: PR-L1700C)
  • Network Expansion Card PR-L1700C-MC

Impact

A remote attacker could possibly conduct a FTP bounce attack via the printer's FTP server against another host.
Solution

Vendor Information

NEC Corporation
  • NEC Security Information : NV06-005 (Japanese)
CWE (What is CWE?)

CVE (What is CVE?)

  1. CVE-2006-6947
References

  1. JVN : JVN#85996645
  2. National Vulnerability Database (NVD) : CVE-2006-6947
Revision History

  • [2008/05/21]
      Web page published