Posted on 17 April 2023
Updated 27 July 2023
Multiple vulnerabilities were found in certain Office / Small Office Multifunction Printers, Laser Printers and Inkjet Printers.
These vulnerabilities highlight the possibility that, if a product is connected directly to the Internet without using a router (wired or Wi-Fi), an unauthenticated remote attacker may be able to execute arbitrary code and/or target the product in a Denial-of-Service (DoS) attack via the Internet. An attacker may also be able to install arbitrary files due to improper authentication of RemoteUI.
< Buffer Overflow >
CVE-2023-0851
CVE-2023-0852
CVE-2023-0853
CVE-2023-0854
CVE-2023-0855
CVE-2023-0856
CVE-2022-43974
CVE-2022-43608
< Problems During Initial Registration of System Administrators in Control Protocols >
CVE-2023-0857
< Improper authentication of RemoteUI >
CVE-2023-0858
< Installation of arbitrary files >
CVE-2023-0859
There have been no reports of damage relating to these vulnerabilities. However, to enhance the security of the product, we advise customers to install the latest firmware available for the Affected Models provided below. We also recommend that customers set a private IP address for the products and create a network environment with a firewall or wired/Wi-Fi router that can restrict network access.
For more details on securing products when connected to a network, please visit here.
We continue to review and strengthen security measures for our products to ensure that customers can continue using Canon products with peace of mind.
Affected Products:
Small Office MFP/LBP | CVE-2022-43608 | CVE-2023-0851 | CVE-2023-0852 | CVE-2023-0853 | CVE-2023-0854 | CVE-2023-0855 | CVE-2023-0856 | CVE-2023-0857 | CVE-2023-0858 | CVE-2023-0859 | CVE-2022-43974 |
---|---|---|---|---|---|---|---|---|---|---|---|
LBP654CX MF735CX | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | |||||
MF429X MF426DW MF525X | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ||||
C1127IF LBP664cx MF746CX | ✓ * | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | |
MF449X MF445DW MF543X IR1643IF LBP228X LBP223DW LBP223DX LBP223 | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | |
IR1643IF II | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | |
MF756CX C1333IF LBP674CX | ✓ (only MFP) | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | |
MF269DW | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ||

* This was addressed on 12 Dec 2022.

iR-ADV/iR/MF/LBP Series | CVE-2022-43608 | CVE-2023-0851 | CVE-2023-0852 | CVE-2023-0853 | CVE-2023-0854 | CVE-2023-0855 | CVE-2023-0856 | CVE-2023-0857 | CVE-2023-0858 | CVE-2023-0859 | CVE-2022-43974 |
---|---|---|---|---|---|---|---|---|---|---|---|
IR-ADV 4945 IR-ADV 4925 | ✓ | ✓ | ✓ | ✓ | ✓ | ||||||
IR-ADV C3935 IR-ADV C3930 IR-ADV C3926 IR-ADV C3922 | ✓ | ✓ | ✓ | ✓ | ✓ | ||||||
IR-ADV 719IZ IR-ADV 619I IR-ADV 529I | ✓ | ✓ | ✓ | ✓ | ✓ | ||||||
IR-ADV C359 IR-ADV C259 | ✓ | ✓ | ✓ | ✓ | ✓ | ||||||
IR-ADV 6980 | ✓ | ✓ | ✓ | ✓ | ✓ | ||||||
IR-ADV 8905 | ✓ | ✓ | ✓ | ✓ | ✓ | ||||||
IPR V1350 | ✓ | ✓ | ✓ | ✓ | ✓ | ||||||
IPR V900 IPR V800 IPR V700 | ✓ | ✓ | ✓ | ✓ | ✓ | ||||||
IPR V1000 | ✓ | ✓ | ✓ | ✓ | ✓ | ||||||
C1538IF | ✓ | ✓ | ✓ | ✓ | ✓ | ||||||
C1538P | ✓ | ✓ | ✓ | ✓ | |||||||

Inkjet Printer | CVE-2022-43608 | CVE-2023-0851 | CVE-2023-0852 | CVE-2023-0853 | CVE-2023-0854 | CVE-2023-0855 | CVE-2023-0856 | CVE-2023-0857 | CVE-2023-0858 | CVE-2023-0859 | CVE-2022-43974 |
---|---|---|---|---|---|---|---|---|---|---|---|
G3630 | ✓ | ||||||||||
GX3060 | ✓ | ||||||||||
GX4060 | ✓ | ||||||||||
G3670 | ✓ | ||||||||||
G4670 | ✓ | ||||||||||
TC-20 | ✓ | ||||||||||
TC-20M | ✓ |
We will continue to update customers on any vulnerability detected in other products.