Canon Group
Close Close
Menu Menu Close Close Search

Regarding the measure against vulnerability measure of RSA Key generation for Enterprise/Small Office Multifunction Printers and Laser Printers/Inkjet Printers

8th April 2022

A vulnerability had been confirmed in the RSA key generating process in the Cryptographic library mounted on Canon’s Enterprise/Small Office Multifunction Printers and Laser Printers/Inkjet Printers (Affected products are listed below).

 (CVE-2022-26320)

The risk of this vulnerability is the possibility of private key for RSA public key being estimated by someone, due to incorrect generation process of RSA key pair. If RSA key pair is used for TLS or IPSec, which is generated by a Cryptographic library with this vulnerability, this RSA public key could be taken by a third party or even be falsified.

We have not received any damage reported regarding this vulnerability so far, however, users can rest assured if firmware on the affected products are updated to the latest version thus we ask for your assistance.

In case the RSA key pair had been created by the questioned Cryptographic library with this vulnerability, additional steps after firmware version upgrade will be required. Depending on the affected models at your hand, refer to Steps to check the key and measure to be taken described below to take a correct action. In addition, do not connect the products to the web directly, but use fire wall, wire connected environment or securely protected private network environment if using Wi-Fi router. Set private IP address as well.

For details, please refer to the following link “Regarding security for products connected to a network”.

“Regarding security for products connected to a network”
https://global.canon/en/support/security/prd-secu.html

Enterprise/Small Office Multifunction Printers and Laser Printers/Inkjet Printers, which require the measure.

iR-ADV 8505/8595/8585
iR-ADV 6575/6565/6560/6555
iR-ADV 4551/4545/4535/4525
iR-ADV C5560/5550/5540/5535
iR-ADV C7580/C7570/C7565
iR-ADV C355/255
iR-ADV C356/256
iR-ADV C3530/C3520
iR-ADV 8505Ⅲ/8595Ⅲ/8585Ⅲ
iR-ADV 6575Ⅲ/6565Ⅲ/6560Ⅲ
iR-ADV 4551Ⅲ/4545 Ⅲ/4535 Ⅲ/4525 Ⅲ
iR-ADV 715Ⅲ/615Ⅲ/525Ⅲ
iR-ADV C5560Ⅲ/5550Ⅲ/5540Ⅲ/5535Ⅲ
iR-ADV C7580Ⅲ/C7570Ⅲ/C7565Ⅲ
iPR C165/C170
iR-ADV C256Ⅲ/C356Ⅲ
iR-ADV C3530Ⅲ/C3520Ⅲ
iR-ADV C475Ⅲ
iR-ADV 8705/8705B/8795
iR-ADV 6755/6765/6780
iR-ADV 4725/4735/4745/4751
iR-ADV 527/617/717
iR-ADV C5760/5750/5740/5735
iR-ADV C7780/C7770/C7765
iR-ADV C257/C357
iR-ADV C3730/C3720
iR-ADV C477/C478
iR-ADV 6855/6860/6870
iR-ADV C5870/C5860/C5850/C5840
iR-ADV C3830/C3826/C3835
PRO-G1/PRO-300,PRO-S1/PRO-200
IR 1643 IF II

As soon as we confirm the vulnerability of other products, we will inform you immediately on this page.

As for the firmware upgrade of Enterprise/Small Office Multifunction Printers, please inquire persons in charge with your service.
Link: Download firmware for Small Office Multifunction Printers here
Link: Download firmware for Laser Printers here
Link: Download firmware for Inkjet Printers here
Link: Steps to check and take a measure for Enterprise Multifunction Printers key here
Link: Steps to check and take a measure for Small Office Multifunction Printers key here
Link: Steps to check and take a measure for Laser Printers key here
Link: Steps to check and take a measure for Inkjet Printers key here

Share this page