Japanese electronics maker Canon on Monday announced software updates that patch seven critical-severity vulnerabilities impacting several small office printer models.
The issues, described as buffer overflow bugs, can be exploited over the network for remote code execution (RCE) or to cause the vulnerable product to become unresponsive.
“These vulnerabilities indicate the possibility that, if a product is connected directly to the Internet without using a router (wired or Wi-Fi), an unauthenticated remote attacker may be able to execute arbitrary code and/or may be able to target the product in a denial-of-service (DoS) attack via the internet,” Canon notes.
The flaws are tracked as CVE-2023-6229 through CVE-2023-6234 and CVE-2024-0244. According to Japan’s vulnerability information portal JVN, they have a CVSS score of 9.8.
NIST advisories reveal that the flaws were identified in components such as the CPCA PDL resource download process, Address Book password process, WSD probe request process, Address Book username process, SLP attribute request process, CPCA Color LUT resource download process, and CPCA PCFAX number process.
The vulnerable printer models differ slightly based on region: i-SENSYS LBP673Cdw, MF752Cdw, MF754Cdw, C1333i, C1333iF, and C1333P series in Europe, imageCLASS MF753CDW, MF751CDW, MF1333C, LBP674CDW, and LBP1333C series in North America; and Satera LBP670C and MF750C series in Japan.
For all models, however, the vulnerabilities impact firmware versions 03.07 and earlier. Updates that address these bugs can be found on Canon’s regional websites.
“There have been no reports of these vulnerabilities being exploited. However, to enhance the security of the product, we advise that our customers install the latest firmware available for the affected models,” Canon says on its European support site.
Given that the vulnerabilities described above can be exploited remotely, customers are also advised to restrict access to the printers, hiding them behind a firewall or a router, and setting a private IP address for them.
Canon notes that all seven security defects were reported through Trend Micro’s Zero Day Initiative (ZDI).