Japanese imaging and optical products giant Canon on Monday warned that more than 200 of its inkjet printer models fail to properly erase Wi-Fi configuration settings.
The issue, the company says, impacts both home and office printer series, and could potentially lead to the exposure of sensitive information.
Printer owners might need to delete the Wi-Fi settings from the printer’s memory when sending the device to repair or when disposing of it.
However, because the impacted models do not properly erase this information, third-parties could extract it and potentially abuse it for nefarious purposes, such as gaining unauthorized access to internal networks.
“Sensitive information on the Wi-Fi connection settings stored in the memories of inkjet printers (home and office/large format) may not be deleted by the usual initialization process,” Canon says in its advisory.
Canon has provided a list of more than 200 printer models that are affected by this vulnerability. Approximately 60 models are large-format inkjet printers typically used by businesses.
The company recommends that, when sending one of these printers to repair, lending it, or disposing of it, users perform a full reset of all settings, then turn the wireless LAN on and reset all settings once more.
For models that do not have the ‘reset all settings’ function, users should reset LAN settings, enable wireless LAN, and then reset those settings once again.
It is unclear whether firmware updates will be released to address this issue. SecurityWeek has emailed Canon for an official statement on the matter.
Update: Canon U.S.A., Inc. provided the following statement to SecurityWeek:
“The notice on psirt.canon was released proactively to alert customers, including steps to address. New firmware will be released as soon as it is available.”
Related: Critical Vulnerability Impacts Over 120 Lexmark Printers
Related: Many Vulnerabilities Found in PrinterLogic Enterprise Software
Related: Canon Says Data Stolen in August 2020 Ransomware Attack
More from Ionut Arghire
- Silverfort Open Sources Lateral Movement Detection Tool
- Generative AI Startup Nexusflow Raises $10.6 Million
- Researchers Extract Sounds From Still Images on Smartphone Cameras
- Hackers Set Sights on Apache NiFi Flaw That Exposes Many Organizations to Attacks
- Cloudflare Users Exposed to Attacks Launched From Within Cloudflare: Researchers
- FBI Warns Organizations of Dual Ransomware, Wiper Attacks
- Lumu Raises $30 Million for Threat Detection and Response Platform
- Cisco Warns of IOS Software Zero-Day Exploitation Attempts
Latest News
- Silverfort Open Sources Lateral Movement Detection Tool
- Bankrupt IronNet Shuts Down Operations
- AWS Using MadPot Decoy System to Disrupt APTs, Botnets
- Generative AI Startup Nexusflow Raises $10.6 Million
- In Other News: RSA Encryption Attack, Meta AI Privacy, ShinyHunters Hacker Guilty Plea
- Researchers Extract Sounds From Still Images on Smartphone Cameras
- National Security Agency is Starting an Artificial Intelligence Security Center
- CISA Warns of Old JBoss RichFaces Vulnerability Being Exploited in Attacks
