The OEM has released a service notice warning of a buffer overflow for laser printers and small office multifunctional printers.
Canon U.S.A., Inc. has recently become aware of potential multiple buffer overflow vulnerabilities in these Canon laser printers and small office multifunctional printers:
Affected models are:
imageCLASS MF series
MF1238 II
MF1333C
MF1643i II/MF1643iF II
MF275DW/MF273DW/MF272DW
MF455DW/MF453DW/MF452DW/MF451DW
MF753CDW/MF751CDW
imageCLASS LBP series
LBP122DW
LBP1238 II
LBP1333C
LBP237DW/LBP236DW
LBP674CDW
If the product is connected directly to the internet without using a wired or Wi-Fi router, a third party could potentially execute arbitrary code, or the product could be subjected to a Denial-of-Service (DoS) attack.
The vulnerabilities are associated with the following CVE numbers:
- CVE-2023-6229
- CVE-2023-6233
- CVE-2023-6230
- CVE-2023-6234
- CVE-2023-6231
- CVE-2024-0244
- CVE-2023-6232
Canon recommends to download and install the latest firmware updates to fix the issues and added: “we recommend that you set up a private IP address for products and create a network environment with a firewall or Wi-Fi router that can restrict network access.”
