CVE-2021-38154
First published: Sun Aug 29 2021(Updated: )
Certain Canon devices manufactured in 2012 through 2020 (such as imageRUNNER ADVANCE iR-ADV C5250), when Catwalk Server is enabled for HTTP access, allow remote attackers to modify an e-mail address setting, and thus cause the device to send sensitive information through e-mail to the attacker. For example, an incoming FAX may be sent through e-mail to the attacker. This occurs when a PIN is not required for General User Mode, as exploited in the wild in August 2021.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Canon - |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-38154?
CVE-2021-38154 is a vulnerability found in certain Canon devices manufactured between 2012 and 2020.
How does CVE-2021-38154 work?
CVE-2021-38154 allows remote attackers to modify an e-mail address setting on the affected Canon devices, which can result in the device sending sensitive information to the attacker via e-mail.
What is the severity of CVE-2021-38154?
CVE-2021-38154 has a severity rating of 7.5, which is considered high.
Which Canon devices are affected by CVE-2021-38154?
Certain Canon devices manufactured between 2012 and 2020, such as imageRUNNER ADVANCE iR-ADV C5250, are affected by CVE-2021-38154.
How can CVE-2021-38154 be fixed?
To fix CVE-2021-38154, it is recommended to apply the necessary security patches or updates provided by Canon.
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/author
- agent/last-modified-date
- agent/weakness
- agent/tags
- agent/event
- agent/description
- agent/first-publish-date
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/canon
- canonical/canon -