CVE-2019-14339

MEDIUM

Canon PRINT 2.5.5 - Unauthenticated Sensitive Information Exposure via ContentProvider

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2019-14339. PoCs published by 0x48piraj.

AI-analyzed exploit summary The exploit demonstrates an unprotected exported content provider in Canon PRINT 2.5.5, allowing unauthorized access to sensitive data such as factory passwords and WPA2-PSK keys via a malicious application. The PoC includes both Java and Python scripts to query the vulnerable content provider.

Description

The ContentProvider in the Canon PRINT jp.co.canon.bsd.ad.pixmaprint 2.5.5 application for Android does not properly restrict canon.ij.printer.capability.data data access. This allows an attacker's malicious application to obtain sensitive information including factory passwords for the administrator web interface and WPA2-PSK key.

Exploits (2)

exploitdb WORKING POC

by 0x48piraj · textlocalandroid

https://www.exploit-db.com/exploits/47321

View Code ZIP pw:eip

The exploit demonstrates an unprotected exported content provider in Canon PRINT 2.5.5, allowing unauthorized access to sensitive data such as factory passwords and WPA2-PSK keys via a malicious application. The PoC includes both Java and Python scripts to query the vulnerable content provider.

Classification

Working Poc 100%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Canon PRINT 2.5.5

No auth needed

Prerequisites: Android device with Canon PRINT 2.5.5 installed · ADB access or malicious application installed on the target device

MITRE ATT&CK

T1530 - Data from Cloud Storage

devstral-2 · analyzed Feb 16, 2026 Full analysis →

nomisec WORKING POC 14 stars

by 0x48piraj · poc

https://github.com/0x48piraj/CVE-2019-14339

View Code ZIP pw:eip

This repository contains a functional exploit for CVE-2019-14339, demonstrating a Content Provider URI Injection vulnerability in Canon PRINT 2.5.5. The exploit leaks sensitive printer information, including factory passwords and WPA2-PSK keys, via an unprotected exported content provider.

Classification

Working Poc 95%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Canon PRINT 2.5.5

No auth needed

Prerequisites: Canon PRINT 2.5.5 installed on Android device · Supported Canon printer

MITRE ATT&CK

T1005 - Data from Local System

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (2)

Core 2

Core References

Product, Third Party Advisory x_refsource_misc

https://play.google.com/store/apps/details?id=jp.co.canon.bsd.ad.pixmaprint&hl=en_US

Exploit, Third Party Advisory, VDB Entry x_refsource_misc

http://packetstormsecurity.com/files/154266/Canon-PRINT-2.5.5-URI-Injection.html

Scores

CVSS v3 5.5

EPSS 0.0539

EPSS Percentile 91.7%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Details

Status published

Products (1)

canon/print 2.5.5

Published Sep 05, 2019

Tracked Since Feb 18, 2026