Regarding Vulnerability Measure Against Buffer Overflow for Laser Printers/Inkjet Printers and Small Office Multifunction Printers - Canon Singapore

Thank you for using Canon Products.

Multiple cases of buffer overflow vulnerability have been detected for Canon Laser Printers/Inkjet Printers and Small Office Multifunction Printers listed under Affected Models below. (CVE-2022-24672, CVE-2022-24673, CVE-2022-24674)

This vulnerability suggests the possibility that if a product is connected directly to the Internet without using a router (wired or Wi-Fi), a party may be able to execute arbitrary code and/or subject the product to Denial-of Service (DoS) attack.

There have been no reports of damage relating to this vulnerability. However, to enhance the security of the product, we advise customers to install the latest firmware available for the Affected Models provided below.

We also recommend customers to set a private IP address for the products and create a network environment with a firewall or Wired/Wi-Fi router that can restrict network access.

For more details on securing products when connected to a network, please visit here.

We continue to review and strengthen security measures for our products to ensure that customers can continue using Canon products with peace of mind.

Affected Products:

We will continue to update customers on any vulnerability detected in other products.

Contact Information for Inquiries:
Please contact your nearest service centre if you have any queries.

Acknowledgement:
CVE-2022-24672: Mehdi Talbi (@abu_y0ussef), Remi Jullian (@netsecurity1), Thomas Jeunet (@cleptho), from @Synacktiv working with Trend Micro's Zero Day Initiative
CVE-2022-24673: Angelboy (@scwuaptx) from DEVCORE Research Team working with Trend Micro's Zero Day Initiative
CVE-2022-24674: Nicolas Devillers (@nikaiw), Jean-Romain Garnier and Raphael Rigo (@_trou_) working with Trend Micro's Zero Day Initiative

First Posted on 15 Feb 2022