Thank you for using Canon Products.
Multiple vulnerabilities were found for certain Office / Small Office Multifunction Printers, Laser Printers and Inkjet Printers.
These vulnerabilities indicate the possibility that if a product is connected directly to the Internet without using a router (wired or Wi-Fi), an unauthenticated remote attacker via the Internet may be able to execute arbitrary code and/or may be able to target the product in a Denial-of Service (DoS) attack. An attacker may also be able to install arbitrary files due to improper authentication of RemoteUI.
Buffer Overflow
CVE-2023-0851
CVE-2023-0852
CVE-2023-0853
CVE-2023-0854
CVE-2023-0855
CVE-2023-0856
CVE-2022-43974
CVE-2022-43608
Problems During Initial Registration of System Administrators in Control Protocols
CVE-2023-0857
Improper authentication of RemoteUI
CVE-2023-0858
Installation of arbitrary files
CVE-2023-0859
There have been no reports of damage relating to this vulnerability. However, to enhance the security of the product, we advise customers to install the latest firmware available for the Affected Models provided below.
We also recommend customers to set a private IP address for the products and create a network environment with a firewall or Wired/Wi-Fi router that can restrict network access.
For more details on securing products when connected to a network, please visit here.
We continue to review and strengthen security measures for our products to ensure that customers can continue using Canon products with peace of mind.
Affected Products:
Small Office MFP/LBP, please click here.
Inkjet Printer, please click here.
We will continue to update customers on any vulnerability detected in other products.
Please click here for latest firmware available for the Affected Models.
Contact Information for Inquiries:
Please contact your nearest service centre if you have any queries.
First Posted on 17 Apr 2023