CP2026-001 Vulnerabilities Mitigation/Remediation for Small Office Multifunction Printers and Laser Printers
January 15, 2025
Canon Inc.
Canon Canada Inc. has recently become aware of multiple potential buffer overflow vulnerabilities in the Canon Laser Printers and Small Office Multifunctional Printers listed under “Affected Models” below.
If the product is connected directly to the Internet without using a wired or Wi-Fi router, a third party could potentially execute arbitrary code, or the product could be subjected to a Denial-of-Service (DoS) attack.
Listed below are the CVE numbers associated with the potential Buffer Overflow issue:
CVE-2025-14231
CVE-2025-14232
CVE-2025-14233
CVE-2025-14234
CVE-2025-14235
CVE-2025-14236
CVE-2025-14237
Affected Models
imageCLASS MF Series
MF455DW/MF453DW/MF452DW/MF451DW
MF656CDW/MF654CDW/MF653CDW/MF652CW
imageCLASS LBP Series
LBP1238 II
Note: If we determine that additional products could potentially be impacted by this matter, we will issue an updated Service Notice.
Mitigation/Remediation:
- We recommend that our customers set a private IP address for the products and create a network environment with a firewall or wired/Wi-Fi router that can restrict network access. Please refer here for more details on securing products when connecting to a network.
- In addition, we advise that our customers install the latest firmware available using the instructions below.
To update the firmware via the Internet, take the following steps from the printer unit:
<Touch Panel Model>
1. Select [Update Firmware] on the Home screen.
2. When a license screen appears, select [Accept].
3. Select [OK].
<Black and White LCD Model>
1. Select [Menu] on the Home screen.
2. Select [Management Settings].
3. Select [Remote UI Settings/Update Firmware] > [Update Firmware].
4. Select [Via Internet].
5. Check the message and select [Yes].
6. When a license screen appears, press [OK].
7. Select [OK].
For more information, please refer to the "Updating the Firmware" section in the product’s User Manual.