English
Français
Deutsch
Español
Italiano
Português
日本語
한국어
Русский
Home200 Canon Printer Models May Expose Wi
Canon says more than 200 inkjet printer models fail to properly erase Wi-Fi configuration settings.
By
Japanese imaging and optical products giant Canon on Monday warned that more than 200 of its inkjet printer models fail to properly erase Wi-Fi configuration settings.
The issue, the company says, impacts both home and office printer series, and could potentially lead to the exposure of sensitive information.
Printer owners might need to delete the Wi-Fi settings from the printer’s memory when sending the device to repair or when disposing of it.
However, because the impacted models do not properly erase this information, third-parties could extract it and potentially abuse it for nefarious purposes, such as gaining unauthorized access to internal networks.
“Sensitive information on the Wi-Fi connection settings stored in the memories of inkjet printers (home and office/large format) may not be deleted by the usual initialization process,” Canon says in its advisory.
Canon has provided a list of more than 200 printer models that are affected by this vulnerability. Approximately 60 models are large-format inkjet printers typically used by businesses.
The company recommends that, when sending one of these printers to repair, lending it, or disposing of it, users perform a full reset of all settings, then turn the wireless LAN on and reset all settings once more.
For models that do not have the ‘reset all settings’ function, users should reset LAN settings, enable wireless LAN, and then reset those settings once again.
It is unclear whether firmware updates will be released to address this issue. SecurityWeek has emailed Canon for an official statement on the matter.
Update: Canon U.S.A., Inc. provided the following statement to SecurityWeek:
“The notice on psirt.canon was released proactively to alert customers, including steps to address. New firmware will be released as soon as it is available.”
Related: Critical Vulnerability Impacts Over 120 Lexmark Printers
Related: Many Vulnerabilities Found in PrinterLogic Enterprise Software
Related: Canon Says Data Stolen in August 2020 Ransomware Attack
Ionut Arghire is an international correspondent for SecurityWeek.
Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.
Join security experts as they discuss ZTNA’s untapped potential to both reduce cyber risk and empower the business.
Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain.
Thinking through the good, the bad, and the ugly now is a process that affords us “the negative focus to survive, but a positive one to thrive."(Marc Solomon)
Sharing threat information and cooperating with other threat intelligence groups helps to strengthen customer safeguards and boosts the effectiveness of the cybersecurity sector overall.(Derek Manky)
Securing APIs is a noble, though complex journey. Security teams can leverage these 10 steps to help secure their APIs.(Joshua Goldfarb)
While silos pose significant dangers to an enterprise's cybersecurity posture, consolidation serves as a powerful solution to overcome these risks, offering improved visibility, efficiency, incident response capabilities, and risk management.(Matt Wilson)
The need for cyber resilience arises from the growing realization that traditional security measures are no longer enough to protect systems, data, and the network from compromise.(Torsten George)
Infonetics Research has shared excerpts from its Mobile Device Security Client Software market size and forecasts report, which tracks enterprise and consumer security client...
Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.
Critical security flaws expose Samsung’s Exynos modems to “Internet-to-baseband remote code execution” attacks with no user interaction. Project Zero says an attacker only needs...
Two vulnerabilities in Samsung’s Galaxy Store that could be exploited to install applications or execute JavaScript code by launching a web page.
Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.
Samsung smartphone users warned about CVE-2023-21492, an ASLR bypass vulnerability exploited in the wild, likely by a spyware vendor.
The February 2023 security updates for Android patch 40 vulnerabilities, including multiple high-severity escalation of privilege bugs.
Apple’s iOS 12.5.7 update patches CVE-2022-42856, an actively exploited vulnerability, in old iPhones and iPads.
Japanese imaging and optical products giant Canon on Monday warned that more than 200 of its inkjet printer models fail to properly erase Wi-Fi configuration settings.Update:Related:Related:Related: