
Canon has issued a critical security advisory warning customers of multiple buffer overflow vulnerabilities affecting its Laser Printers and Small Office Multifunction Printers. These vulnerabilities, tracked under CVE-2024-12647, CVE-2024-12648, and CVE-2024-12649, have received a CVSS score of 9.8, highlighting their severity. If exploited, these flaws could allow attackers to execute arbitrary code or launch Denial-of-Service (DoS) attacks, rendering devices unresponsive.
The vulnerabilities stem from buffer overflow issues in various functionalities, including CPCA font download processing, TIFF data EXIF tag processing, and XPS data font processing. If exploited, these flaws could allow attackers to take control of the devices or render them unusable.
The vulnerabilities primarily affect devices connected directly to the Internet without proper network protection. Canon emphasizes, “A third party could potentially execute arbitrary code or the product could be subjected to a Denial-of-Service (DoS) attack.”
The vulnerabilities impact several models sold across Japan, the US, and Europe, including:
- Japan: Satera MF656Cdw/Satera MF654Cdw (firmware v05.04 and earlier).
- US: Color imageCLASS MF656Cdw, MF654Cdw, MF653Cdw, MF652Cdw, LBP633Cdw, LBP632Cdw (firmware v05.04 and earlier).
- Europe: i-SENSYS MF657Cdw, MF655Cdw, MF651Cdw, LBP633Cdw, LBP631Cdw (firmware v05.04 and earlier).
Canon notes that additional products could be affected, and updates will be issued if necessary.
To safeguard devices, Canon recommends the following measures:
- Configure a Private Network:
- Assign a private IP address to the printer.
- Use a firewall or wired/Wi-Fi router to restrict network access.
- Update Firmware:
- Install the latest firmware available for your device.
- Follow these steps to update firmware directly from the printer:
- For Touch Panel Models: Navigate to [Update Firmware] on the home screen, accept the license agreement, and confirm the update.
- For Black and White LCD Models: Access [Menu] > [Management Settings] > [Remote UI Settings/Update Firmware], select [Via Internet], and follow the prompts.
- Secure Network Environments:
- Ensure proper network segmentation and secure remote access methods when necessary.
Canon has provided detailed instructions for firmware updates in the product’s user manual, urging customers to act promptly to mitigate risks.
Related Posts:
- Canon Warns of Critical Vulnerabilities in Printers: RCE & DoS Attacks
- Canon Printers: Critical CVE-2024-2184 (CVSS 9.8) Flaw Requires Immediate Firmware Update
- Over 1,000 Lexmark printers worldwide are exposed online