Japanese imaging and optical products giant Canon on Monday warned that more than 200 of its inkjet printer models fail to properly erase Wi-Fi configuration settings.
The issue, the company says, impacts both home and office printer series, and could potentially lead to the exposure of sensitive information.
Printer owners might need to delete the Wi-Fi settings from the printer’s memory when sending the device to repair or when disposing of it.
However, because the impacted models do not properly erase this information, third-parties could extract it and potentially abuse it for nefarious purposes, such as gaining unauthorized access to internal networks.
“Sensitive information on the Wi-Fi connection settings stored in the memories of inkjet printers (home and office/large format) may not be deleted by the usual initialization process,” Canon says in its advisory.
Canon has provided a list of more than 200 printer models that are affected by this vulnerability. Approximately 60 models are large-format inkjet printers typically used by businesses.
The company recommends that, when sending one of these printers to repair, lending it, or disposing of it, users perform a full reset of all settings, then turn the wireless LAN on and reset all settings once more.
For models that do not have the ‘reset all settings’ function, users should reset LAN settings, enable wireless LAN, and then reset those settings once again.
It is unclear whether firmware updates will be released to address this issue. SecurityWeek has emailed Canon for an official statement on the matter.
Update: Canon U.S.A., Inc. provided the following statement to SecurityWeek:
“The notice on psirt.canon was released proactively to alert customers, including steps to address. New firmware will be released as soon as it is available.”
Related: Critical Vulnerability Impacts Over 120 Lexmark Printers
Related: Many Vulnerabilities Found in PrinterLogic Enterprise Software
Related: Canon Says Data Stolen in August 2020 Ransomware Attack
