Several serious vulnerabilities have been discovered in some Canon i-Sensys series printers that could potentially allow attackers to access them over the internet.
According to Tom’s Hardware, all affected printers’ firmware up to version 3.07 is considered vulnerable. Printers including the Canon i-Sensys MF750 and LBP670 Color Laser series, as well as some i-Sensys X series models (X C1333i, C1333iF, X C1333P) are at risk
Seven security vulnerabilities have been discovered in the above-mentioned Canon printers. In particular, some allow remote arbitrary code execution, device damage, and denial of service (DoS) attacks. According to the CVSS standard (common security vulnerability scoring system), most of these vulnerabilities are described as “critical”. They received a rating of 9.8/10 for severity.
Several security researchers and organizations were involved in discovering these vulnerabilities on Canon printers, including Nguyen Quoc, Team Viettel, ANHTUD, Connor Ford, and other anonymous researchers.
Until an update that addresses the security issues is installed, owners of affected printers are advised not to connect them to the internet. The Japanese manufacturer has begun releasing new firmware for the above-affected printers to fix the vulnerability. For example, there are updates for device models such as MF754Cdw and MF752Cdw. Users are advised to install the new firmware using the new installation software called Firmware Update Tool V03.09 from the company’s website