CP2025-001 Vulnerabilities Mitigation/Remediation for Small Office Multifunction Printers and Laser Printers

 

 

Multiple vulnerabilities have been identified for certain Small Office Multifunction Printers and Laser Printers.

These vulnerabilities indicate the possibility that, if a product is connected directly to the Internet without using a router (wired or Wi-Fi), an unauthenticated remote attacker may be able to execute arbitrary code and/or may be able to target the product in a Denial-of-Service (DoS) attack via the Internet.

 

<Buffer Overflow>

CVE-2024-12647

CVE-2024-12648

CVE-2024-12649

CVE-2025-2146

 

We advise that our customers set a private IP address for the products and create a network environment with a firewall or wired/Wi-Fi router that can restrict network access.

Please refer here for more details on securing products when connecting to a network.

Firmware designed to address these issues will be uploaded on websites of your local Canon sales representatives. We advise that our customers install the latest firmware available.

 

2025-05-22: Added CVE ID (CVE-2025-2146) related to the same product series

2025-01-27: Created