CP2024-002 Vulnerability Mitigation/Remediation for Small Office Multifunction Printers and Laser Printers

March 8, 2024
Canon Inc.
 
 
Description
A buffer overflow vulnerability in the WSD protocol process was found for certain Small Office Multifunction Printers and Laser Printers.
If a product is connected directly to the Internet without using a router (wired or Wi-Fi), an unauthenticated remote attacker may be able to execute arbitrary code and/or target the product in a Denial-of-Service (DoS) attack via the Internet.
 
Affected Products/Versions
Color imageCLASS/imageCLASS/i-SENSYS/Satera LBP660C/620C Series, Color imageCLASS X LBP1127C, C1127P firmware v12.07 and earlier
Color imageCLASS/imageCLASS/i-SENSYS/Satera LBP670C Series, Color imageCLASS X LBP1333C, C1333P firmware v03.09 and earlier
Color imageCLASS/imageCLASS/i-SENSYS/Satera MF740C/640C Series, Color imageCLASS X MF1127C, C1127i/iF firmware v12.07 and earlier
Color imageCLASS/imageCLASS/i-SENSYS/Satera MF750C Series, Color imageCLASS X MF1333C, C1333i/iF firmware v03.09 and earlier
 
CVE/CVSS
CVE-2024-2184: Buffer overflow in identifier field of WSD probe request process of Small Office Multifunction Printers and Laser Printers
  CVSS v3: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H    Base Score: 9.8
 
Mitigation/Remediation
We advise that our customers set a private IP address for the products and create a network environment with a firewall or wired/Wi-Fi router that can restrict network access.
Please refer here for more details on securing products when connecting to a network.
In addition, we advise that our customers install the latest firmware available using the instructions below.
 
To update the firmware via the Internet, take the following steps from the printer unit:
<Touch Panel Model>
  1. Select [Update Firmware] on the Home screen.
  2. When a license screen appears, select [Accept].
  3. Select [OK].
 
<Black and White LCD Model>
  1. Select [Menu] on the Home screen.
  2. Select [Management Settings].
  3. Select [Remote UI Settings/Update Firmware] > [Update Firmware].
  4. Select [Via Internet].
  5. Check the message and select [Yes].
  6. When a license screen appears, press [OK].
  7. Select [OK].
 
For more information, please refer to the "Updating the Firmware" section in the User’s manual.
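
The following fleet triage sketch applies the affected firmware versions and the network advice above to a device inventory. It is an added example, not Canon's code. The inventory records, field names and action labels are constructed, "private IP address" is assumed to mean the RFC 1918 IPv4 ranges, and "C1127i/iF" is read as the two designations C1127i and C1127iF.

```python
import ipaddress

# Highest affected firmware per series, from the advisory's product list.
FW_12_07, FW_03_09 = (12, 7), (3, 9)
AFFECTED_MAX = {
    **dict.fromkeys(("LBP660C", "LBP620C", "LBP1127C", "C1127P", "MF740C",
                     "MF640C", "MF1127C", "C1127i", "C1127iF"), FW_12_07),
    **dict.fromkeys(("LBP670C", "LBP1333C", "C1333P", "MF750C",
                     "MF1333C", "C1333i", "C1333iF"), FW_03_09),
}
# Assumption: "private IP address" means the RFC 1918 IPv4 ranges.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_fw(text):
    """'v12.07' or '03.09' -> (12, 7) or (3, 9), so versions compare numerically."""
    major, minor = text.strip().lstrip("vV").split(".")
    return int(major), int(minor)

def triage(device):
    """Return the advisory actions that apply to one inventory record."""
    actions = []
    limit = AFFECTED_MAX.get(device["series"])
    if limit is not None and parse_fw(device["firmware"]) <= limit:
        actions.append("update-firmware")
    addr = ipaddress.ip_address(device["ip"])
    if not any(addr in net for net in RFC1918):
        actions.append("restrict-network-access")
    return actions

def report(inventory):
    """Map each device name to the actions that apply to it."""
    return {d["name"]: triage(d) for d in inventory}

# Constructed sample inventory (names, versions and addresses are made up).
INVENTORY = [
    {"name": "prn-01", "series": "MF740C", "firmware": "v12.07", "ip": "192.168.10.21"},
    {"name": "prn-02", "series": "LBP670C", "firmware": "03.10", "ip": "203.0.113.10"},
    {"name": "prn-03", "series": "MF750C", "firmware": "v03.09", "ip": "10.0.5.7"},
    {"name": "prn-04", "series": "LBP660C", "firmware": "v12.08", "ip": "172.16.3.4"},
    {"name": "prn-05", "series": "LBP620C", "firmware": "v11.04", "ip": "198.51.100.44"},
]

if __name__ == "__main__":
    for name, actions in report(INVENTORY).items():
        print(name, actions or "no action")
```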