Product Advisories

Print This PageEmail This Page

Service Notice: Regarding Vulnerability Measure Against Buffer Overflow for Laser Printers and Small Office Multifunctional Printers

Thank you for using Canon products.

Canon U.S.A., Inc. has recently become aware of potential multiple buffer overflow vulnerabilities in the Canon Laser Printers and Small Office Multifunctional Printers listed under “Affected Models” below.

If the product is connected directly to the Internet without using a wired or Wi-Fi router, a third party could potentially execute arbitrary code or the product could be subjected to a Denial-of-Service (DoS) attack.

Listed below are the CVE numbers associated with the potential Buffer Overflow issue:
• CVE-2024-12647
• CVE-2024-12648
• CVE-2024-12649

Affected Products

imageCLASS MF Series
• imageCLASS MF656CDW
• imageCLASS MF654CDW
• imageCLASS MF653CDW
• imageCLASS MF652CW

imageCLASS LBP Series
• imageCLASS LBP632CDW
• imageCLASS LBP633CDW

Note: If we determine that additional products could potentially be impacted by this matter, we will issue an updated Service Notice.

Mitigation/Remediation:

We recommend that our customers set a private IP address for the products and create a network environment with a firewall or wired/Wi-Fi router that can restrict network access.

Please refer here for more details on securing products when connecting to a network.

In addition, we advise that our customers install the latest firmware available using the instructions below.

To update the firmware via the Internet, take the following steps from the printer unit:

<Touch Panel Model>
1. Select [Update Firmware] on the Home screen.
2. When a license screen appears, select [Accept].
3. Select [OK].

<Black and White LCD Model>
1. Select [Menu] on the Home screen.
2. Select [Management Settings].
3. Select [Remote UI Settings/Update Firmware] > [Update Firmware].
4. Select [Via Internet].
5. Check the message and select [Yes].
6. When a license screen appears, press [OK].
7. Select [OK].

For more information, please refer to the "Updating the Firmware" section in the product’s User Manual.

Contact Information
Should you have any questions about the announcement, please contact the Authorized Service Facility in your area or you may contact the Call Center within your region.