Security advisory for Canon Laser Printers and Small office Multifunctional Printers related to IP Stack protocol

30th September 2020

This advisory relates to the below listed Canon devices:
• MF229DW / MF249DW / MF269DW
• MF4550D / MF4570DN / MF4570DW / MF4580DN / MF4580DW
• MF4980DW

Thank you very much for using Canon Products.

SCADAfence Ltd., a cyber security company headquartered in Israel, has drawn our attention to a vulnerability (CVE-2020-16849) related to the IP stack protocol used by Canon Laser Printers and Small office Multifunctional Printers.

The reported vulnerability does not exist when:
• HTTPS is used for Remote UI communication, since the data is encrypted.
• A private IP address is set and the network environment has a firewall or Wi-Fi router that can restrict access.

In an environment not protected by the above, the IP stack protocol vulnerability creates the potential for a third-party attack on the printers, if connected to a PC on an unsecured network. This vulnerability is limited to fragmented “Address book” and/or “administrator password” only.
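The conditions above can be checked against a device inventory. The following is an added example, not Canon's code: it flags listed models that meet neither condition. The record fields (`model`, `ip`, `remote_ui_url`, `access_restricted`) and the sample inventory are constructed, and treating either condition alone as sufficient is an assumption about how the list reads.

```python
import ipaddress

# Models listed in this advisory.
AFFECTED = {"MF229DW", "MF249DW", "MF269DW", "MF4550D", "MF4570DN",
            "MF4570DW", "MF4580DN", "MF4580DW", "MF4980DW"}

# RFC 1918 ranges; ipaddress.is_private would also accept loopback,
# link-local and documentation addresses, which is too broad here.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def assess(device):
    """Return (status, findings) for one inventory record.

    Field names are hypothetical: model, ip, remote_ui_url, and
    access_restricted (True if a firewall or Wi-Fi router limits access).
    """
    if device["model"].strip().upper() not in AFFECTED:
        return "not-listed", []
    findings = []
    https = device["remote_ui_url"].lower().startswith("https://")
    if not https:
        findings.append("Remote UI is not served over HTTPS")
    addr = ipaddress.ip_address(device["ip"])
    private = any(addr in net for net in RFC1918)
    if not private:
        findings.append("address is not private (RFC 1918)")
    if not device["access_restricted"]:
        findings.append("no firewall or router restricting access")
    # Assumption: either advisory condition on its own is sufficient.
    mitigated = https or (private and device["access_restricted"])
    return ("mitigated" if mitigated else "exposed"), findings


# Constructed sample inventory (203.0.113.0/24 is a documentation range).
INVENTORY = [
    {"model": "MF249DW", "ip": "192.168.1.50",
     "remote_ui_url": "http://192.168.1.50/", "access_restricted": True},
    {"model": "mf4570dn", "ip": "203.0.113.10",
     "remote_ui_url": "http://203.0.113.10/", "access_restricted": False},
    {"model": "MF4980DW", "ip": "203.0.113.11",
     "remote_ui_url": "https://203.0.113.11/", "access_restricted": False},
]

if __name__ == "__main__":
    for dev in INVENTORY:
        status, findings = assess(dev)
        print(dev["model"], dev["ip"], status, "; ".join(findings))
```

Devices reported as mitigated remain on the list of products for which the firmware update is recommended.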

At this point in time, there have been no confirmed cases of these vulnerabilities being exploited to cause harm, but in order to ensure that our customers can use our products securely, we recommend that you update the firmware for the products listed above.

We have outlined a number of security measures to ensure customers can continue to use their Canon products in a more secure way. Please check “Regarding security for products connected to a network”.
