Canon U.S.A., Inc. has recently been informed (by SCADAfence Ltd.) of a vulnerability related to IP stack protocol (Common Vulnerabilities Exposures ID: CVE-2020-16849), which is used by the Canon Laser Printers and Small Office Multifunctional Printers listed below. Due to this vulnerability, if the printer is connected to a PC, and an unsecured network is in use, a potential exists for unauthorized access to an “Address book” (or fragments of an Address book), and/or an “administrator password” that has been taken through an unsecured network.
We are not aware of any cases of this vulnerability being exploited to cause harm, but to help ensure that our customers can continue to use our products in a secure manner; we are providing you firmware for the following products to address the vulnerability.
Affected models
imageCLASS MF Series
MF113W/MF212W/MF216N/MF217W/MF227DW/MF229DW
MF232W/MF236N/MF244DW/MF247DW/MF249DW
MF264DW/MF267DW/MF269DW/MF269DW VP
MF4570DN/MF4570DW/MF4770N/MF4880DW/MF4890DW
imageCLASS LBP Series
LBP113W/LBP151DW/LBP162DW
Firmware download
Please proceed to https://www.usa.canon.com/support to download the firmware.
Furthermore, we recommend that you set up a private IP address for products and create a network environment with a firewall or Wi-Fi router that can restrict network access.
We have outlined a number of security measures to help ensure customers can continue to use their Canon products in a more secure way. Please check “Regarding security for products connected to a network” in the URL below.
https://global.canon/en/support/security/prd-secu.html
Thank you,
Canon Customer Support
Canon U.S.A., Inc.
Support options and hours of operation: www.usa.canon.com/support
