Regarding Vulnerability Measure against Buffer Overflow for Laser Printers and Small Office Multifunction Printers - Canon Taiwan

09 Apr 2024 (Updated)

    Regarding Vulnerability Measure against Buffer Overflow for Laser Printers and Small Office Multifunction Printers

    Thank you for using Canon Products.

    Multiple cases of buffer overflow vulnerabilities have been found for Canon Laser Printers and Small Office Multifunction Printers.

    These vulnerabilities indicate the possibility that if a product is connected directly to the Internet without using a router (wired or Wi-Fi), an unauthenticated remote attacker via the Internet may be able to execute arbitrary code and/or may be able to target the product in a Denial-of Service (DoS) attack.

    Buffer Overflow
    CVE-2023-6229
    CVE-2023-6230
    CVE-2023-6231
    CVE-2023-6232
    CVE-2023-6233
    CVE-2023-6234
    CVE-2024-0244

    There have been no reports of damage relating to this vulnerability. However, to enhance the security of the product, we advise customers to install the latest firmware available for the Affected Models provided below.

    We also recommend customers to set a private IP address for the products and create a network environment with a firewall or Wired/Wi-Fi router that can restrict network access.

    For details, please refer  to the following link.

    We will work towards further strengthening security measures to ensure that customers can continue using Canon products with peace of mind.

    Affected Products:
    Small Office MFP/LBP,  please click here.
    Business Multifunction Devices,  please click here.

    We will continue to update customers on any vulnerability detected in other products.

    Contact Information for Inquiries:
    Please contact your nearest service centre if you have any queries.

     

    First Posted on 5 Feb 2024

    Affected Products

    imageCLASS LBP

    Please click here for latest firmware available for the Affected Models.

    Product Model CVE-
    2023-6229
    CVE-
    2023-6230
    CVE-
    2023-6231
    CVE-
    2023-6232
    CVE-
    2023-6233
    CVE-
    2023-6234
    CVE-
    2024-0244
    LBP121dn YES YES YES YES YES YES -
    LBP122dw YES YES YES YES YES YES -
    LBP243dw YES YES YES YES YES YES -
    LBP246dw YES YES YES YES YES YES -
    LBP248x YES YES YES YES YES YES -
    LBP621Cw YES YES YES YES YES YES -
    LBP623Cdw YES YES YES YES YES YES -
    LBP664Cx YES YES YES YES YES YES -
    LBP673Cdw YES YES YES YES YES YES -
    LBP674Cx YES YES YES YES YES YES -

    imageCLASS MF

    Please click here for latest firmware available for the Affected Models.

    Product Model CVE-
    2023-6229
    CVE-
    2023-6230
    CVE-
    2023-6231
    CVE-
    2023-6232
    CVE-
    2023-6233
    CVE-
    2023-6234
    CVE-
    2024-0244
    MF271dn YES YES YES YES YES YES -
    MF272dw YES YES YES YES YES YES -
    MF274dn YES YES YES YES YES YES -
    MF275dw YES YES YES YES YES YES -
    MF461dw YES YES YES YES YES YES -
    MF465dw YES YES YES YES YES YES -
    MF469x YES YES YES YES YES YES -
    MF641Cw YES YES YES YES YES YES -
    MF642Cdw YES YES YES YES YES YES -
    MF643Cdw YES YES YES YES YES YES -
    MF644Cdw YES YES YES YES YES YES YES
    MF645Cx YES YES YES YES YES YES YES
    MF746Cx YES YES YES YES YES YES YES
    MF752Cdw YES YES YES YES YES YES -
    MF756Cx YES YES YES YES YES YES YES
    imageRUNNER

    (Please contact your nearest service centre if you have any queries.)

    Product Model CVE-
    2023-6229
    CVE-
    2023-6230
    CVE-
    2023-6231
    CVE-
    2023-6232
    CVE-
    2023-6233
    CVE-
    2023-6234
    CVE-
    2024-0244
    imageRUNNER 1643i II YES YES YES YES YES YES -
    imageRUNNER 1643iF II YES YES YES YES YES YES -