Canon Production Printers and Multifunction Printers Vulnerability Allowing Sensitive Information Access via Remote Management Interface

A vulnerability has been identified in certain production printers and office/small office multifunction printers. This issue may allow an administrator to access sensitive information on the device through the browser-based remote management interface by sending crafted requests. Affected products include specific models from the imagePRESS, imageFORCE, imageRUNNER ADVANCE, and imageRUNNER series, as well as the Satera series. For a detailed list of affected models, please refer to the 'Device Models and Remediated Firmware' section below.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive information stored on the affected device.

Remediation

Firmware updates to address this vulnerability will be automatically applied or made available through the Canon USA support website. Users are also advised to follow best practices for network security, such as not connecting the product directly to the internet and changing default passwords.