Canon Group
Close Close
Canon Experience Store Logo | Canon Australia
Canon Experience Store Test, try and buy all the latest Canon digital cameras, lenses, and printers. Visit
Canon Finance logo | Canon Australia
Canon Finance Finance the latest technology for your business when you need it. Visit
Canon Professional Services logo | Canon Australia
Canon Professional Services Join our network of professionals and support services with a CPS membership. Visit
SUNSTUDIOS logo | Canon Australia
SUNSTUDIOS Innovative space and services for visual creatives and professionals. Visit
Canon Business Services ANZ
Canon Business Services Discover our range of business services with Canon Business Services. Visit
Canon Medical Systems Corporation Logo | Canon Australia
Canon Medical Systems World-class diagnostic imaging products and intelligent healthcare IT solutions. Visit
Products
Get Inspired
Support
Canon for Business
search
About Canon
Contact us
Menu Menu Close Close Search
Home
/ News
/ Support News
/ Regarding vulnerability measure against buffer overflow for Laser Printers/Inkjet Printer and Small Office Multifunction Printers

Regarding vulnerability measure against buffer overflow for Laser Printers/Inkjet Printer and Small Office Multifunction Printers

16th February 2022

Multiple cases of buffer overflow vulnerabilities have been confirmed for Canon Laser Printers/Inkjet Printer and Small Office Multifunction Printers (Refer to affected models shown below).

 (CVE-2022-24672、CVE-2022-24673、CVE-2022-24674)

This vulnerability suggest the possibility that if a product is connected directly to the Internet without using a wired or Wi-Fi router, a third party on the Internet may execute arbitrary code or the product could be subjected to Denial-of Service (DoS) attack.

We have not received any report of damage up to date.

For the safety of your products, please update the firmware of the affected products to the latest version.

At the same time, do not connect directly to the Internet. Instead, set a private IP address on a secure private network configured via firewall product or a wired/Wi-Fi router.

For details, please refer to the following link
“Regarding security for products connected to a network”
https://global.canon/en/support/security/prd-secu.html

We will work to further strengthen security measures to ensure that customers can continue using Canon products with peace of mind.

The Laser Printer/Inkjet Printer and Small Office Multifunction Printers, which require the countermeasure
MF6180DW
MF8580CDW
MF810CDN
MF729CX
LBP251DW/253X
MF416DW/419X
MF515X
LBP654CX
MF735CX
LBP215X
MF426DW/429X
MF525X
LBP664CX
C1127iF
MF746CX
iR1643iF
LBP223DW/228X
MF445DW/449X
MF543X
MF1643iF II
WG7650

As soon as we confirm the vulnerability of other products, we will inform you immediately on this page.

Firmware for the Small Office Multifunction & Laser Printers:

Download from here


CANON would like to thank the following people for identifying this vulnerability.
• CVE-2022-24672: Mehdi Talbi (@abu_y0ussef), Remi Jullian (@netsecurity1), Thomas Jeunet (@cleptho), from @Synacktiv working with Trend Micro's Zero Day Initiative
• CVE-2022-24673: Angelboy (@scwuaptx) from DEVCORE Research Team working with Trend Micro's Zero Day Initiative
• CVE-2022-24674: Nicolas Devillers (@nikaiw), Jean-Romain Garnier and Raphael Rigo (@_trou_) working with Trend Micro's Zero Day Initiative

  • Category
  • Archives
Share this page