Regarding Vulnerability Measure Against Buffer Overflow for Laser Printers/Inkjet Printers and Small Office Multifunction Printers
Thank you for using Canon Products.
Multiple cases of buffer overflow vulnerability have been detected for Canon Laser Printers/Inkjet Printers and Small Office Multifunction Printers listed under Affected Models below. (CVE-2022-24672, CVE-2022-24673, CVE-2022-24674)
This vulnerability suggests the possibility that if a product is connected directly to the Internet without using a router (wired or Wi-Fi), a party may be able to execute arbitrary code and/or subject the product to Denial-of Service (DoS) attack.
There have been no reports of damage relating to this vulnerability. However, to enhance the security of the product, we advise customers to install the latest firmware available for the Affected Models provided below.
We also recommend customers to set a private IP address for the products and create a network environment with a firewall or Wired/Wi-Fi router that can restrict network access.
For more details on securing products when connected to a network, please visit here.
We continue to review and strengthen security measures for our products to ensure that customers can continue using Canon products with peace of mind.
Affected Products:
| Model Name | Related Product Supports |
| imageRUNNER 1435, imageRUNNER 1435iF | Please contact your nearest service centre for firmware update support. |
| imageRUNNER 1643i II, imageRUNNER 1643iF II | Please contact your nearest service centre for firmware update support. |
| imageRUNNER 1643i, imageRUNNER 1643iF | Please contact your nearest service centre for firmware update support. |
| imageRUNNER C1325 | Please contact your nearest service centre for firmware update support. |
| imageRUNNER C3020 | Please contact your nearest service centre for firmware update support. |
| imageRUNNER C3120 | Please contact your nearest service centre for firmware update support. |
| imageRUNNER C3222L | Please contact your nearest service centre for firmware update support. |
| LBP214Dw | Download latest firmware here |
| LBP215x | Download latest firmware here |
| LBP226Dw | Download latest firmware here |
| LBP228x | Download latest firmware here |
| LBP251Dw | Download latest firmware here |
| LBP253Dw | Download latest firmware here |
| LBP253X | Download latest firmware here |
| LBP611Cn | Download latest firmware here |
| LBP613Cdw | Download latest firmware here |
| LBP621Cw | Download latest firmware here |
| LBP623Cdw | Download latest firmware here |
| LBP654Cx | Download latest firmware here |
| LBP664Cx | Download latest firmware here |
| imageCLASS MF416dw | Download latest firmware here |
| imageCLASS MF419dw | Download latest firmware here |
| imageCLASS MF426dw | Download latest firmware here |
| imageCLASS MF429X | Download latest firmware here |
| imageCLASS MF445dw | Download latest firmware here |
| imageCLASS MF449x | Download latest firmware here |
| imageCLASS MF515X | Download latest firmware here |
| imageCLASS MF525X | Download latest firmware here |
| imageCLASS MF543x | Download latest firmware here |
| imageCLASS MF6180dw | Download latest firmware here |
| imageCLASS MF621Cn | Download latest firmware here |
| imageCLASS MF628Cw | Download latest firmware here |
| imageCLASS MF631Cn | Download latest firmware here |
| imageCLASS MF632Cdw | Download latest firmware here |
| imageCLASS MF633Cdw | Download latest firmware here |
| imageCLASS MF635Cx | Download latest firmware here |
| imageCLASS MF641Cw | Download latest firmware here |
| imageCLASS MF642Cdw | Download latest firmware here |
| imageCLASS MF643Cdw | Download latest firmware here |
| imageCLASS MF644Cdw | Download latest firmware here |
| imageCLASS MF645Cx | Download latest firmware here |
| imageCLASS MF729Cdw | Download latest firmware here |
| imageCLASS MF729Cx | Download latest firmware here |
| imageCLASS MF735Cx | Download latest firmware here |
| imageCLASS MF746Cx | Download latest firmware here |
| imageCLASS MF810Cdn | Download latest firmware here |
| imageCLASS MF8210Cn | Download latest firmware here |
| imageCLASS MF8280Cw | Download latest firmware here |
| imageCLASS MF8580Cdw | Download latest firmware here |
| WG7740 | Download latest firmware here |
| WG7750F, WG7750FM | Download latest firmware here |
We will continue to update customers on any vulnerability detected in other products.
Contact Information for Inquiries:
Please contact your nearest service centre if you have any queries.
Acknowledgement:
CVE-2022-24672: Mehdi Talbi (@abu_y0ussef), Remi Jullian (@netsecurity1), Thomas Jeunet (@cleptho), from @Synacktiv working with Trend Micro's Zero Day Initiative
CVE-2022-24673: Angelboy (@scwuaptx) from DEVCORE Research Team working with Trend Micro's Zero Day Initiative
CVE-2022-24674: Nicolas Devillers (@nikaiw), Jean-Romain Garnier and Raphael Rigo (@_trou_) working with Trend Micro's Zero Day Initiative
First Posted on 15 Feb 2022