CVSS: 9.8EPSS: 0%CPEs: 90EXPL: 0CVE-2023-0856 – Canon imageCLASS MF743Cdw IPP sides Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-0856
Buffer overflow in IPP sides attribute process of Office / Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *:Satera LBP660C Series/LBP620C Series/MF740C Series/MF640C Series firmware Ver.11.04 and earlier sold in Japan. Color imageCLASS LBP660C Series/LBP 620C Series/X LBP1127C/MF740C Series/MF640C Series/X MF1127C firmware Ver.11.04 and earlier sold in US. i-SENSYS LBP660C Series/LBP620C Series/MF740C Series/MF640C Series, C1127P, C1127iF, C1127i firmware Ver.11.04 and earlier sold in Europe. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Canon imageCLASS MF743Cdw printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Internet Printing Protocol (IPP) service. • https://canon.jp/support/support-info/230414vulnerability-response https://psirt.canon/advisory-information/cp2023-001 https://www.canon-europe.com/support/product-security-latest-news https://www.usa.canon.com/support/canon-product-advisories/Service-Notice-Vulnerabilities-Remediation-Against-Buffer-Overflow • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 90EXPL: 0CVE-2023-0855 – Canon imageCLASS MF743Cdw IPP number-up Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-0855
Buffer overflow in IPP number-up attribute process of Office / Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *:Satera LBP660C Series/LBP620C Series/MF740C Series/MF640C Series firmware Ver.11.04 and earlier sold in Japan. Color imageCLASS LBP660C Series/LBP 620C Series/X LBP1127C/MF740C Series/MF640C Series/X MF1127C firmware Ver.11.04 and earlier sold in US. i-SENSYS LBP660C Series/LBP620C Series/MF740C Series/MF640C Series, C1127P, C1127iF, C1127i firmware Ver.11.04 and earlier sold in Europe. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Canon imageCLASS MF743Cdw printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Internet Printing Protocol (IPP) service. • https://canon.jp/support/support-info/230414vulnerability-response https://psirt.canon/advisory-information/cp2023-001 https://www.canon-europe.com/support/product-security-latest-news https://www.usa.canon.com/support/canon-product-advisories/Service-Notice-Vulnerabilities-Remediation-Against-Buffer-Overflow • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 90EXPL: 0CVE-2023-0853 – Canon imageCLASS MF743Cdw mDNS hostname Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-0853
Buffer overflow in mDNS NSEC record registering process of Office / Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *:Satera LBP660C Series/LBP620C Series/MF740C Series/MF640C Series firmware Ver.11.04 and earlier sold in Japan. Color imageCLASS LBP660C Series/LBP 620C Series/X LBP1127C/MF740C Series/MF640C Series/X MF1127C firmware Ver.11.04 and earlier sold in US. i-SENSYS LBP660C Series/LBP620C Series/MF740C Series/MF640C Series, C1127P, C1127iF, C1127i firmware Ver.11.04 and earlier sold in Europe. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Canon imageCLASS MF743Cdw printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within handling of mDNS packets. • https://canon.jp/support/support-info/230414vulnerability-response https://psirt.canon/advisory-information/cp2023-001 https://www.canon-europe.com/support/product-security-latest-news https://www.usa.canon.com/support/canon-product-advisories/Service-Notice-Vulnerabilities-Remediation-Against-Buffer-Overflow • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 90EXPL: 0CVE-2023-0854 – Canon imageCLASS MF743Cdw cmNetBiosParseName Heap-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-0854
Buffer overflow in NetBIOS QNAME registering and communication process of Office / Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *:Satera LBP660C Series/LBP620C Series/MF740C Series/MF640C Series firmware Ver.11.04 and earlier sold in Japan. Color imageCLASS LBP660C Series/LBP 620C Series/X LBP1127C/MF740C Series/MF640C Series/X MF1127C firmware Ver.11.04 and earlier sold in US. i-SENSYS LBP660C Series/LBP620C Series/MF740C Series/MF640C Series, C1127P, C1127iF, C1127i firmware Ver.11.04 and earlier sold in Europe. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Canon imageCLASS MF743Cdw printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of NetBIOS names. • https://canon.jp/support/support-info/230414vulnerability-response https://psirt.canon/advisory-information/cp2023-001 https://www.canon-europe.com/support/product-security-latest-news https://www.usa.canon.com/support/canon-product-advisories/Service-Notice-Vulnerabilities-Remediation-Against-Buffer-Overflow • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 56EXPL: 0CVE-2020-16849
https://notcve.org/view.php?id=CVE-2020-16849
An issue was discovered on Canon MF237w 06.07 devices. An "Improper Handling of Length Parameter Inconsistency" issue in the IPv4/ICMPv4 component, when handling a packet sent by an unauthenticated network attacker, may expose Sensitive Information. Se detectó un problema en los dispositivos Canon MF237w versión 06.07. Un problema de "Improper Handling of Length Parameter Inconsistency" en el componente IPv4/ICMPv4, cuando se maneja un paquete enviado por un atacante de red no autenticado, puede exponer información confidencial • https://blog.scadafence.com/vulnerability-report-cve-2020-16849 https://www.canon-europe.com/support/product-security •