Multiple vulnerabilities were found for certain Office/Small Office Multifunction Printers, Laser Printers and Inkjet Printers.
These vulnerabilities indicate the possibility that if a product is connected directly to the Internet without using a router (wired or Wi-Fi), an unauthenticated remote attacker via the Internet may be able to execute arbitrary code and/or may be able to target the product in a Denial-of-Service (DoS) attack. An attacker may also be able to install arbitrary files due to improper authentication of RemoteUI.
<Problems during Initial Registration of System Administrators in Control Protocols>
<Improper Authentication of RemoteUI>
<Installation of Arbitrary Files>
It is recommended to set a private IP address for the products and create a network environment with a firewall or wired/Wi-Fi router that can restrict network access, please refer here. Firmware designed to address these issues will be uploaded on websites of your local Canon sales representatives accordingly. Please be advised to update the firmware to the latest released version.