Regarding Vulnerability Measure Against Buffer Overflow for Laser Printers/Inkjet Printers and Small Office Multifunction Printers - Canon HongKong

18 Jul 2022 (Updated)

    Thank you for using Canon Products.

    Multiple buffer overflow vulnerabilities have been identified in the Canon Laser Printers/Inkjet Printers and Small Office Multifunction Printers listed under Affected Products below. (CVE-2022-24672, CVE-2022-24673, CVE-2022-24674)

    If a product is connected directly to the Internet without using a router (wired or Wi-Fi), a third party may be able to execute arbitrary code and/or subject the product to a Denial-of-Service (DoS) attack.

    There have been no reports of damage relating to these vulnerabilities. However, to enhance the security of the product, we advise customers to install the latest firmware available for the Affected Products listed below.

    We also recommend that customers set a private IP address for the products and create a network environment with a firewall or wired/Wi-Fi router that can restrict network access.

    For more details on securing products when connected to a network, please visit here.

    We continue to review and strengthen security measures for our products to ensure that customers can continue using Canon products with peace of mind.

    Affected Products:

    Model Name | Related Product Support
    imageRUNNER 1435, imageRUNNER 1435iF | Please contact your nearest service centre for firmware update support.
    imageRUNNER 1643i II, imageRUNNER 1643iF II | Please contact your nearest service centre for firmware update support.
    imageRUNNER 1643i, imageRUNNER 1643iF | Please contact your nearest service centre for firmware update support.
    imageRUNNER C1325 | Please contact your nearest service centre for firmware update support.
    imageRUNNER C3020 | Please contact your nearest service centre for firmware update support.
    imageRUNNER C3120 | Please contact your nearest service centre for firmware update support.
    imageRUNNER C3222L | Please contact your nearest service centre for firmware update support.
    LBP214Dw | Download latest firmware here
    LBP215x | Download latest firmware here
    LBP226Dw | Download latest firmware here
    LBP228x | Download latest firmware here
    LBP251Dw | Download latest firmware here
    LBP253Dw | Download latest firmware here
    LBP253X | Download latest firmware here
    LBP611Cn | Download latest firmware here
    LBP613Cdw | Download latest firmware here
    LBP621Cw | Download latest firmware here
    LBP623Cdw | Download latest firmware here
    LBP654Cx | Download latest firmware here
    LBP664Cx | Download latest firmware here
    imageCLASS MF416dw | Download latest firmware here
    imageCLASS MF419dw | Download latest firmware here
    imageCLASS MF426dw | Download latest firmware here
    imageCLASS MF429X | Download latest firmware here
    imageCLASS MF445dw | Download latest firmware here
    imageCLASS MF449x | Download latest firmware here
    imageCLASS MF515X | Download latest firmware here
    imageCLASS MF525X | Download latest firmware here
    imageCLASS MF543x | Download latest firmware here
    imageCLASS MF6180dw | Download latest firmware here
    imageCLASS MF621Cn | Download latest firmware here
    imageCLASS MF628Cw | Download latest firmware here
    imageCLASS MF631Cn | Download latest firmware here
    imageCLASS MF632Cdw | Download latest firmware here
    imageCLASS MF633Cdw | Download latest firmware here
    imageCLASS MF635Cx | Download latest firmware here
    imageCLASS MF641Cw | Download latest firmware here
    imageCLASS MF642Cdw | Download latest firmware here
    imageCLASS MF643Cdw | Download latest firmware here
    imageCLASS MF644Cdw | Download latest firmware here
    imageCLASS MF645Cx | Download latest firmware here
    imageCLASS MF729Cdw | Download latest firmware here
    imageCLASS MF729Cx | Download latest firmware here
    imageCLASS MF735Cx | Download latest firmware here
    imageCLASS MF746Cx | Download latest firmware here
    imageCLASS MF810Cdn | Download latest firmware here
    imageCLASS MF8210Cn | Download latest firmware here
    imageCLASS MF8280Cw | Download latest firmware here
    imageCLASS MF8580Cdw | Download latest firmware here
    WG7740 | Download latest firmware here
    WG7750F, WG7750FM | Download latest firmware here


    We will continue to update customers on any vulnerability detected in other products.

    Contact Information for Inquiries:
    Please contact your nearest service centre if you have any queries.

    Acknowledgement:
    CVE-2022-24672: Mehdi Talbi (@abu_y0ussef), Remi Jullian (@netsecurity1), Thomas Jeunet (@cleptho), from @Synacktiv working with Trend Micro's Zero Day Initiative
    CVE-2022-24673: Angelboy (@scwuaptx) from DEVCORE Research Team working with Trend Micro's Zero Day Initiative
    CVE-2022-24674: Nicolas Devillers (@nikaiw), Jean-Romain Garnier and Raphael Rigo (@_trou_) working with Trend Micro's Zero Day Initiative

    First Posted on 15 Feb 2022