First published: Sun Aug 29 2021
Certain Canon devices manufactured in 2012 through 2020 (such as imageRUNNER ADVANCE iR-ADV C5250), when Catwalk Server is enabled for HTTP access, allow remote attackers to modify an e-mail address setting, and thus cause the device to send sensitive information through e-mail to the attacker. For example, an incoming FAX may be sent through e-mail to the attacker. This occurs when a PIN is not required for General User Mode, as exploited in the wild in August 2021.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Canon - | | |
CVE-2021-38154 is a vulnerability found in certain Canon devices manufactured between 2012 and 2020.
CVE-2021-38154 allows remote attackers to modify an e-mail address setting on the affected Canon devices, which can result in the device sending sensitive information to the attacker via e-mail.
CVE-2021-38154 has a severity rating of 7.5, which is considered high.
Certain Canon devices manufactured between 2012 and 2020, such as imageRUNNER ADVANCE iR-ADV C5250, are affected by CVE-2021-38154.
To fix CVE-2021-38154, it is recommended to apply the necessary security patches or updates provided by Canon.