Critical Bugs in Canon Small Office Printers Allow Code Execution, DDoS

A grouping of serious printer bugs, unveiled at last summers Pwn2Own, were patchless for months, but are finally fixed now.

Canon has patched seven critical buffer-overflow bugs affecting its small office multifunction printers and laser printers.
Tracked as CVE-2023-6229 through CVE-2023-6234 (plus CVE-2024-0244), they affect different processes common across Canons product lines – the username or password process involved with authenticating mobile devices, for example, the Service Location Protocol (SLP) attribute request process, and more.
The company assigned them all critical 9.8 out of 10 ratings on the Common Vulnerability Scoring System (CVSS) scale. As explained in
a security advisory
, they can allow unauthenticated attackers to remotely perform denial of service (DoS) or arbitrary code execution against any affected printers connected directly to the Internet. They also offer a handy pivot point to burrow deeper into victim networks.
No exploitations have been observed in the wild as of yet, according to
the companys European site
, but owners should scan for indicators of compromise given that the bugs have been publicly known but unpatched for months.
The seven vulnerabilities patched on Feb. 5 were revealed alongside dozens of others at
Pwn2Own Torontos SOHO Smashup
last summer, where contestants were invited to breach routers and then the small office/home office (SOHO) devices they connect to.
Printers, so rarely recognized as
fertile grounds for cyberattacks
, were given their own category at the event.
Its a pretty large attack surface right now thats
often overlooked
, especially in small businesses, because its hard to manage from an enterprise level, explains Dustin Childs, head of threat awareness for Trend Micros Zero Day Initiative (ZDI), which runs the Pwn2Own hacking contest. I mean, its not like printers have automatic updates or other features that you can use to manage them cleanly and easily.
He adds, printers have always been kind of notorious for being finicky. You can go back to Office Space — one of the big scenes where they
took a baseball bat to the printer
. Its a joke, but its a joke thats based in reality. These things are difficult to manage. The drivers are difficult to manage. And theres a lot of problematic software on them.
As a result, an old office printer — connected to other, more sensitive devices in a small or midsized business (SMB) network — tends to be rather trivial to crack.
I was a little shocked with how little they had to work on it to find really workable exploits, Childs recalls of Pwn2Own Toronto. As a case in point: Last year somebody played the Mario theme on a printer. And he said it took him longer to figure out how to play the Mario theme than to exploit the printer.
Beyond the obvious step of updating to the latest firmware, Canon is advising its customers to set a private IP address for the products and create a network environment with a firewall or wired/Wi-Fi router that can restrict network access.
The advice speaks to a larger point: that even if printers are thick and unwieldy, whats manageable is their connectivity.
It used to be that there were, believe it or not, Internet-addressable printers. What businesses have done is theyve gotten printers off the Internet, which is a change over the last decade. Now weve got them behind at least a firewall, or router, or
something
, Childs explains.
However, he adds, as weve seen with
PrintNightmare and other printer-based exploits,
you can get past that firewall and then attack a printer, then pivot from that to other targets within an enterprise. To prevent a printer compromise from reaching further into a network, SMBs need to focus on properly segmenting different areas of their networks.
The best way to protect the printers themselves, meanwhile, is to patch. As Childs recalls, I cant tell you how many times Ive heard of printers that were exploited that were three or four updates behind.

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
Critical Bugs in Canon Small Office Printers Allow Code Execution, DDoS