This is a rough PoC of downloading a scanned document from an eSCL-capable scanner/MFP.
- An attacker could gain access to sensitive documents which are physically in the scanner.
- By sending a requests indefinitely, an attacker could perform a DoS attack on the scanner.
- Scans can be saved to arbitrary locations using
pwg:DestinationUri(not implemented here).
Tested on Kyocera ECOSYS.