Canon Laser Printer/Inkjet Printer and Small Office Multifunctional Printer: measures against buffer overflow
Updated on: July 11, 2022
Canon U.S.A., Inc. has recently become aware of multiple potential buffer overflow vulnerabilities in the Canon Laser Printers/Inkjet Printers and Small Office Multifunctional Printers listed below. If the product is connected directly to the internet without using a wired or Wi-Fi router, a third party could potentially execute arbitrary code or the product could be subjected to a Denial-of-Service (DoS) attack. (CVE-2022-24672, CVE-2022-24673, CVE-2022-24674)
Affected models:
imageCLASS D Series
D1620/D1650
D1520/D1550
imageCLASS MF Series
MF1127C
MF1238/MF1238 II
MF1643i II/MF1643iF II
MF414DW/MF416DW/MF419DW/MF515DW
MF424DW/MF426DW/MF429DW/MF525DW
MF445DW/MF448DW/MF449DW/MF543DW
MF451DW/MF452DW/MF453DW/MF455DW
MF6160DW/MF6180DW
MF624CW/MF628CDW
MF632CDW/MF634CDW
MF641CW/MF642CDW/MF644CDW
MF726CDW/MF729CDW
MF731CDW/MF733CDW/MF735CDW
MF741CDW/MF743CDW/MF745CDW/MF746CDW
MF810CDN/MF820CDN
MF8280CW/MF8580CDW
imageCLASS LBP Series
LBP1127C
LBP1238/LBP1238 II
LBP214DW/LBP215DW
LBP226DW/LBP227DW/LBP228DW
LBP236DW/LBP237DW
LBP251DW/LBP253DW
LBP612CDW
LBP622CDW/LBP623CDW
LBP654CDW
LBP664CDW
imageRUNNER Series
iR1435i/1435iF/1435P/1435i+/1435iF+/1435P+*
iR1643i/iR1643iF*
Inkjet Printer - WG Series
WG7240/WG7250/WG7250F/WG7250Z
Note: If we determine that additional products could potentially be impacted by this matter, we will issue an updated Service Notice.
Support
Firmware Download
Please proceed to https://www.usa.canon.com/support to download the latest firmware.
* Regarding the availability of the firmware upgrades for Canon Small Office Multifunction Printers, please contact your Authorized Servicer in charge of servicing your Canon equipment.
Furthermore, if you have not done so already, we recommend that you set up a private IP address for products and create a network environment with a firewall or Wi-Fi router that can restrict network access.
In addition, please check “Regarding security for products connected to a network” at the URL below for other security measures that can be used with your Canon products.
https://global.canon/en/support/security/prd-secu.html
Credit
----------------------
Canon would like to thank the following people for identifying this vulnerability.
CVE-2022-24672: Mehdi Talbi (@abu_y0ussef), Remi Jullian (@netsecurity1), Thomas Jeunet (@cleptho), from @Synacktiv working with Trend Micro's Zero Day Initiative
CVE-2022-24673: Angelboy (@scwuaptx) from DEVCORE Research Team working with Trend Micro's Zero Day Initiative
CVE-2022-24674: Nicolas Devillers (@nikaiw), Jean-Romain Garnier and Raphael Rigo (@_trou_) working with Trend Micro's Zero Day Initiative
----------------------
Thank you,
Customer Support
Canon U.S.A., Inc.