30 Sep 2020

    Regarding the Security Advisory for Canon Laser Printer and Small Office Multifunctional Printer Related to IP Stack Protocol 

    Thank you for using Canon Products.

    SCADAfence Ltd, a cybersecurity company headquartered in Israel, has drawn our attention to vulnerabilities related to the IP stack protocol used by Canon laser printers and small office multifunctional printers (CVE-2020-16849).

    Because of these vulnerabilities, there is a potential risk of a third-party attack on the printer if it is connected to a PC and fragments of the “Address book” and/or the “administrator password” have been accessed through an unsecured network. When HTTPS is used to access the Remote UI, the connection is secure because that data is encrypted.

    There have not been any confirmed cases of these vulnerabilities being exploited to cause harm. However, to protect our customers' confidentiality and ensure that they can use our products securely, we ask that you update the firmware for the products listed below.

    Furthermore, we recommend that you set a private IP address for the products and create a network environment with a firewall or Wi-Fi router that can restrict network access.

    We have outlined several security measures so that customers can continue to use their Canon products more securely. Please refer to “Regarding security for products connected to a network”.

    Affected Products:
    imageCLASS MF212w/216n/217w
    imageCLASS MF221d/226dn/229dw
    imageCLASS MF241d/244dw/246dn/249dw
    imageCLASS MF261d/264dw/266dn/267dw/269dw
    imageCLASS MF4420w
    imageCLASS MF4570dn/4580dn
    imageCLASS MF4720w/4770n
    imageCLASS MF4870dn/4890dw

    imageCLASS LBP113w/913w
    imageCLASS LBP151dw
    imageCLASS LBP161dn/161dn+/162dw

    imageRUNNER 2002N/2202N
    imageRUNNER 2004N/2204N/2204F
    imageRUNNER 2006N/2206N

    For imageCLASS products, please proceed to our support website for firmware download.

    For imageRUNNER products, please contact your local Canon service representative for support.


    First posted on 30 Sep 2020