Regarding the Security Advisory for Canon Laser Printer and Small Office Multifunctional Printer Related to IP Stack Protocol
Thank you for using Canon Products.
SCADAfence Ltd, a cybersecurity company headquartered in Israel, has drawn our attention to vulnerabilities related to the IP stack protocol used by Canon Laser Printers and Small Office Multifunctional Printers (CVE-2020-16849).
Because of these vulnerabilities, there is a potential risk of a third-party attack on the printer if it is connected to a PC and fragments of the “Address book” and/or the “administrator password” have been accessed through an unsecured network. When HTTPS is used to access the Remote UI, these data are encrypted and therefore secure.
There have not been any confirmed cases of these vulnerabilities being exploited to cause harm, but to protect our customers' confidentiality and ensure that they can use our products securely, we ask that you update the firmware for the products listed below.
Furthermore, we recommend that you set a private IP address for the products and create a network environment with a firewall or Wi-Fi router that can restrict network access.
We have outlined several security measures so that customers can continue to use their Canon products more securely. Please refer to “Regarding security for products connected to a network” here.
Affected Products:
imageCLASS MF212w/216n/217w
imageCLASS MF221d/226dn/229dw
imageCLASS MF241d/244dw/246dn/249dw
imageCLASS MF261d/264dw/266dn/267dw/269dw
imageCLASS MF4420w
imageCLASS MF4570dn/4580dn
imageCLASS MF4720w/4770n
imageCLASS MF4870dn/4890dw
imageCLASS LBP113w/913w
imageCLASS LBP151dw
imageCLASS LBP161dn/161dn+/162dw
imageRUNNER 2002N/2202N
imageRUNNER 2004N/2204N/2204F
imageRUNNER 2006N/2206N
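The following added example (not part of Canon's advisory) expands the affected-product list above into individual model names and checks a device inventory for affected printers that still need the firmware update or sit on a non-private address. The inventory entries, the firmware-status flag, the reading of "private IP address" as the RFC 1918 ranges, and the expansion rule for the "/" shorthand are assumptions made for this example.

```python
import ipaddress
import re

# Affected-product lines copied from the advisory.
ADVISORY_LINES = """\
imageCLASS MF212w/216n/217w
imageCLASS MF221d/226dn/229dw
imageCLASS MF241d/244dw/246dn/249dw
imageCLASS MF261d/264dw/266dn/267dw/269dw
imageCLASS MF4420w
imageCLASS MF4570dn/4580dn
imageCLASS MF4720w/4770n
imageCLASS MF4870dn/4890dw
imageCLASS LBP113w/913w
imageCLASS LBP151dw
imageCLASS LBP161dn/161dn+/162dw
imageRUNNER 2002N/2202N
imageRUNNER 2004N/2204N/2204F
imageRUNNER 2006N/2206N
""".splitlines()
# Assumption: "private IP address" means the RFC 1918 IPv4 ranges.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def expand(line):
    """Expand one advisory line; assumes '/' variants reuse the first variant's letter prefix."""
    series, variants = line.split(" ", 1)
    first, *rest = variants.split("/")
    prefix = re.match(r"[A-Za-z]*", first).group()  # "MF", "LBP" or "" for imageRUNNER
    return {f"{series} {m}".lower() for m in [first] + [prefix + r for r in rest]}

AFFECTED = set().union(*(expand(line) for line in ADVISORY_LINES))

def audit(inventory):
    """Yield (model, ip, issues) for each affected device that still needs action."""
    for model, ip, firmware_updated in inventory:
        if model.lower() in AFFECTED:  # models not listed in the advisory are skipped
            private = any(ipaddress.ip_address(ip) in net for net in RFC1918)
            checks = [(firmware_updated, "firmware update pending"),
                      (private, "address is not private")]
            issues = [msg for ok, msg in checks if not ok]
            if issues:
                yield (model, ip, issues)

# Constructed sample inventory: (model, IP address, firmware already updated?)
SAMPLE = [("imageCLASS MF217w", "192.168.10.21", True),
          ("imageCLASS LBP913w", "203.0.113.20", False),
          ("imageRUNNER 2204F", "10.4.0.9", False),
          ("OtherVendor P100", "203.0.113.30", False)]
```

Calling `list(audit(SAMPLE))` returns only the affected devices that still have an open item, each with the list of reasons.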
Support:
For imageCLASS products, please proceed to our support website to download the firmware.
For imageRUNNER products, please contact your local Canon service representative for support.
First posted on 30 Sep 2020