Multiple cases of buffer overflow vulnerabilities have been confirmed for Canon Laser Printers/Inkjet Printer and Small Office Multifunction Printers (Refer to affected models shown below).
This vulnerability suggest the possibility that if a product is connected directly to the Internet without using a wired or Wi-Fi router, a third party on the Internet may execute arbitrary code or the product could be subjected to Denial-of Service (DoS) attack.
We have not received any report of damage up to date.
For the safety of your products, please update the firmware of the affected products to the latest version.
At the same time, do not connect directly to the Internet. Instead, set a private IP address on a secure private network configured via firewall product or a wired/Wi-Fi router.
For details, please refer to the following link
“Regarding security for products connected to a network”
We will work to further strengthen security measures to ensure that customers can continue using Canon products with peace of mind.
The Laser Printer/Inkjet Printer and Small Office Multifunction Printers, which require the countermeasure
As soon as we confirm the vulnerability of other products, we will inform you immediately on this page.
Firmware for the Small Office Multifunction & Laser Printers:
CANON would like to thank the following people for identifying this vulnerability.
• CVE-2022-24672: Mehdi Talbi (@abu_y0ussef), Remi Jullian (@netsecurity1), Thomas Jeunet (@cleptho), from @Synacktiv working with Trend Micro's Zero Day Initiative
• CVE-2022-24673: Angelboy (@scwuaptx) from DEVCORE Research Team working with Trend Micro's Zero Day Initiative
• CVE-2022-24674: Nicolas Devillers (@nikaiw), Jean-Romain Garnier and Raphael Rigo (@_trou_) working with Trend Micro's Zero Day Initiative