
CP2025-001 Vulnerabilities Mitigation/Remediation for Small Office Multifunction Printers and Laser Printers

Updated: May 22, 2025
January 27, 2025
Canon Inc.
 
 
Description
Multiple vulnerabilities have been identified in certain Small Office Multifunction Printers and Laser Printers.
If a product is connected directly to the Internet without using a router (wired or Wi-Fi), these vulnerabilities may allow an unauthenticated remote attacker to execute arbitrary code and/or to target the product in a Denial-of-Service (DoS) attack via the Internet.
 
<Buffer Overflow>
CVE-2024-12647
CVE-2024-12648
CVE-2024-12649
CVE-2025-2146
 
Mitigation/Remediation
We advise that our customers set a private IP address for the products and create a network environment with a firewall or wired/Wi-Fi router that can restrict network access.
Please refer here for more details on securing products when connecting to a network.
Firmware designed to address these issues will be made available on the websites of your local Canon sales representatives. We advise that our customers install the latest firmware available.
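
The following is an added example, not part of Canon's advisory: a small audit that reads a printer inventory and lists every device whose configured address is not in a private range, which is the condition the mitigation above asks customers to avoid. The inventory format, device names and addresses are constructed for illustration.

```python
import csv
import io
import ipaddress

# Ranges that are not reachable from the Internet without translation.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",  # RFC 1918
    "fc00::/7",                                        # IPv6 unique local
)]
# Not RFC 1918, but worth reporting separately from plain public addresses.
OTHER_NETS = {
    "link-local": ["169.254.0.0/16", "fe80::/10"],
    "shared-cgnat": ["100.64.0.0/10"],
    "loopback": ["127.0.0.0/8", "::1/128"],
}

def classify(ip_text):
    """Return 'private', 'link-local', 'shared-cgnat', 'loopback',
    'not-private' or 'invalid' for one address string."""
    try:
        addr = ipaddress.ip_address(ip_text.strip())
    except ValueError:
        return "invalid"
    if any(addr in net for net in PRIVATE_NETS):
        return "private"
    for label, nets in OTHER_NETS.items():
        if any(addr in ipaddress.ip_network(n) for n in nets):
            return label
    return "not-private"

def audit(inventory_csv):
    """List (name, ip, class) for every device whose address is not private."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return [(r["name"], r["ip"], classify(r["ip"]))
            for r in rows if classify(r["ip"]) != "private"]

# Constructed inventory (hypothetical names). 203.0.113.0/24 is a
# documentation range standing in for a publicly routable address;
# 172.32.0.7 sits just outside the 172.16.0.0/12 private block.
SAMPLE = """name,ip
mfp-frontdesk,192.168.10.21
lbp-warehouse,203.0.113.45
mfp-legal,172.31.4.9
lbp-lab,172.32.0.7
mfp-remote,100.64.12.3
lbp-old,10.0.0.300
"""

if __name__ == "__main__":
    for name, ip, kind in audit(SAMPLE):
        print(f"{name}\t{ip}\t{kind}")
```

A device reported here still needs its firewall or router placement reviewed; a private address alone does not show that inbound access is restricted.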
 
Update History
2025-05-22: Added CVE ID (CVE-2025-2146) related to the same product series
2025-01-27: Created