CVE-2021-38154
Canon imageRUNNER ADVANCE/Canon devices (2012–2020), e.g., iR-ADV C5250, expose an unauthenticated risk when Catwalk Server is accessible via HTTP: remote attackers can modify the device’s e-mail address settings, causing sensitive data (e.g., faxes) to be sent to attacker-controlled e-mail addre...