CVE-2019-14339

MEDIUM

Canon PRINT - Info Disclosure

Title source: llm

Description

The ContentProvider in the Canon PRINT jp.co.canon.bsd.ad.pixmaprint 2.5.5 application for Android does not properly restrict canon.ij.printer.capability.data data access. This allows an attacker's malicious application to obtain sensitive information including factory passwords for the administrator web interface and WPA2-PSK key.

Exploits (2)

exploitdb WORKING POC

by 0x48piraj · textlocalandroid

https://www.exploit-db.com/exploits/47321

View Code ZIP pw:eip

nomisec WORKING POC 14 stars

by 0x48piraj · poc

https://github.com/0x48piraj/CVE-2019-14339

View Code ZIP pw:eip

References (2)

[Product, Third Party Advisory] https://play.google.com/store/apps/details?id=jp.co.canon.bsd.ad.pixmaprint&hl=en_US

[Exploit, Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/154266/Canon-PRINT-2.5.5-URI-Injection.html

Scores

CVSS v3 5.5

EPSS 0.0452

EPSS Percentile 89.2%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Details

Status published

Products (1)

canon/print 2.5.5

Published Sep 05, 2019

Tracked Since Feb 18, 2026