Vulnerabilities Mitigation/Remediation for Small Office Multifunction Printers and Laser Printers
Description
Multiple vulnerabilities were identified for certain Small Office Multifunction Printers and Laser Printers. If the product connects directly to the Internet without using a router (either wired or Wi-Fi), an unauthenticated remote attacker may be able to execute arbitrary code that targets the product in a Denial-of-Service (DoS) attack via the Internet.
<Buffer Overflow>
CVE-2024-12647
CVE-2024-12648
CVE-2024-12649
CVE-2025-2145
Mitigation/Remediation
Customers are advised to create a network environment with a firewall or wired/Wi-Fi router that restricts network access and set a private IP address for the products.
See here for more details on how to secure the products when connecting to a network.
To address these issues, firmware will be uploaded on your local Canon sales representatives’ websites. It is advised to install the latest firmware once available.
First Posted on 23 May 2025