Several critical vulnerabilities have been discovered in some Canon i-Sensys series printers and MFPs that could potentially allow attackers to gain access to them via the Internet. All firmware of the affected printers up to and including version 3.07 are considered vulnerable.
The Canon i-Sensys MF750 and LBP670 Color Laser series printers, as well as several models of the i-Sensys X series (X C1333i, C1333iF, X C1333P) are at risk. Seven security vulnerabilities have been discovered in these printers. In particular, some allow remote execution of arbitrary code, crashing the device, and carrying out denial of service (DoS) attacks. According to the CVSS (Common Vulnerability Scoring System) standard, most of these vulnerabilities are characterized as “critical”. They received a rating of 9.8 out of 10 on the severity scale.
Several organizations took part in discovering these vulnerabilities in Canon printers, including Nguyen Quoc, Team Viettel, ANHTUD, Connor Ford, as well as anonymous cybersecurity researchers.
Until the update that resolves the security issues is installed, owners of these Canon printers are advised not to connect them to the Internet. The manufacturer has already begun releasing new firmware for the affected printers and MFPs. For example, updates are available for device models such as MF754Cdw and MF752Cdw. It is recommended to install new software using fresh installation software Firmware Update Tool V03.09.