Advisory for Laser Printers and Small Office Multifunction Printers
Thank you for using Canon Products.
A cross-site scripting vulnerability has been identified in the Remote UI feature of Canon Laser Printers and Small Office Multifunction Printers (Refer to affected models shown below) (Vulnerability Tracking ID:JVN#64806328).
For this vulnerability to be exploited, the attacker needs to operate the affected product in the administrator mode.
There have been no reports of loss relating to this vulnerability. However, to enhance the safety of the product, we advise customers to install the latest firmware available for the products mentioned below.
We also recommend customers to set a private IP address for the products and create a network environment with a firewall or Wi-Fi router that can restrict network access.
For more details on securing products when connected to a network, please visit here.
We continue to review and strengthen security measures for our products to ensure that customers can continue using Canon products with peace of mind.
Affected Products:
- LBP113w, LBP913w
- LBP151dw
- LBP162dw
- MF113w, MF913w
- MF269dw, MF267dw, MF264dw
- MF249dw, MF244dw, MF237w, MF232w
- MF229dw, MF217w, MF212w
- MF4890dw, MF4720w
- MF4420w
Please visit here for latest firmware available for the affected products.
Contact Information for Inquiries:
Please contact your nearest service centre if you have any queries.
First Posted on 24 Dec 2021