Regarding Vulnerability Measure against Buffer Overflow for Laser Printers and Small Office Multifunction Printers - Canon India

09 Apr 2024 (Updated)

Regarding Vulnerability Measure against Buffer Overflow for Laser Printers and Small Office Multifunction Printers

Thank you for using Canon Products.

Multiple cases of buffer overflow vulnerabilities have been found for Canon Laser Printers and Small Office Multifunction Printers.

These vulnerabilities indicate the possibility that if a product is connected directly to the Internet without using a router (wired or Wi-Fi), an unauthenticated remote attacker via the Internet may be able to execute arbitrary code and/or may be able to target the product in a Denial-of Service (DoS) attack.

Buffer Overflow
CVE-2023-6229
CVE-2023-6230
CVE-2023-6231
CVE-2023-6232
CVE-2023-6233
CVE-2023-6234
CVE-2024-0244

There have been no reports of damage relating to this vulnerability. However, to enhance the security of the product, we advise customers to install the latest firmware available for the Affected Models provided below.

We also recommend customers to set a private IP address for the products and create a network environment with a firewall or Wired/Wi-Fi router that can restrict network access.

For details, please refer  to the following link.

We will work towards further strengthening security measures to ensure that customers can continue using Canon products with peace of mind.

Affected Products:
Small Office MFP/LBP,  please click here.
Business Multifunction Devices,  please click here.

We will continue to update customers on any vulnerability detected in other products.

Contact Information for Inquiries:
Please contact your nearest service centre if you have any queries.

 

First Posted on 5 Feb 2024

Affected Products

imageCLASS LBP

Please click here for latest firmware available for the Affected Models.

Product Model CVE-
2023-6229
CVE-
2023-6230
CVE-
2023-6231
CVE-
2023-6232
CVE-
2023-6233
CVE-
2023-6234
CVE-
2024-0244
LBP121dn YES YES YES YES YES YES -
LBP122dw YES YES YES YES YES YES -
LBP243dw YES YES YES YES YES YES -
LBP246dw YES YES YES YES YES YES -
LBP248x YES YES YES YES YES YES -
LBP621Cw YES YES YES YES YES YES -
LBP623Cdw YES YES YES YES YES YES -
LBP664Cx YES YES YES YES YES YES -
LBP673Cdw YES YES YES YES YES YES -
LBP674Cx YES YES YES YES YES YES -

imageCLASS MF

Please click here for latest firmware available for the Affected Models.

Product Model CVE-
2023-6229
CVE-
2023-6230
CVE-
2023-6231
CVE-
2023-6232
CVE-
2023-6233
CVE-
2023-6234
CVE-
2024-0244
MF271dn YES YES YES YES YES YES -
MF272dw YES YES YES YES YES YES -
MF274dn YES YES YES YES YES YES -
MF275dw YES YES YES YES YES YES -
MF461dw YES YES YES YES YES YES -
MF465dw YES YES YES YES YES YES -
MF469x YES YES YES YES YES YES -
MF641Cw YES YES YES YES YES YES -
MF642Cdw YES YES YES YES YES YES -
MF643Cdw YES YES YES YES YES YES -
MF644Cdw YES YES YES YES YES YES YES
MF645Cx YES YES YES YES YES YES YES
MF746Cx YES YES YES YES YES YES YES
MF752Cdw YES YES YES YES YES YES -
MF756Cx YES YES YES YES YES YES YES
imageRUNNER

(Please contact your nearest service centre if you have any queries.)

Product Model CVE-
2023-6229
CVE-
2023-6230
CVE-
2023-6231
CVE-
2023-6232
CVE-
2023-6233
CVE-
2023-6234
CVE-
2024-0244
imageRUNNER 1643i II YES YES YES YES YES YES -
imageRUNNER 1643iF II YES YES YES YES YES YES -