CVE-2022-24673: (Pwn2Own) Canon imageCLASS MF644Cdw SLP Stack-based Buffer Overflow Remote Code Execution Vulnerability
First published: Tue Mar 28 2023(Updated: )
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Canon imageCLASS MF644Cdw 10.02 printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the SLP protocol. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15845.
Credit: zdi-disclosures@trendmicro.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Canon imageCLASS MF644Cdw | ||
| Canon D1620 Firmware | ||
| Canon D1620 Firmware | ||
| Canon EOS 77D Firmware | ||
| Canon D1650 Firmware | ||
| Canon D1520 Firmware | ||
| Canon D1520 Firmware | ||
| Canon D1550 Firmware | ||
| Canon D1550 Firmware | ||
| Canon MF1127C Firmware | ||
| Canon MF1127C Firmware | ||
| Canon MF1238 II Firmware | ||
| Canon MF1238 II | ||
| Canon MF1238 II Firmware | ||
| Canon MF1238 II Firmware | ||
| Canon MF1643i II Firmware | ||
| Canon MF1643i II Firmware | ||
| Canon MF1643if II Firmware | ||
| Canon MF1643if II Firmware | ||
| Canon MF414DW Firmware | ||
| Canon MF414DW Firmware | ||
| Canon MF416dw Firmware | ||
| Canon MF416dw | ||
| Canon MF419dw Firmware | ||
| Canon MF419dw Firmware | ||
| Canon MF515dw Firmware | ||
| Canon MF515dw Firmware | ||
| Canon MF424dw | ||
| Canon MF424dw Firmware | ||
| Canon MF426dw Firmware | ||
| Canon MF426dw Firmware | ||
| Canon MF429dw Firmware | ||
| Canon MF429dw Firmware | ||
| Canon MF525DW Firmware | ||
| Canon MF525DW Firmware | ||
| Canon MF445dw Firmware | ||
| Canon MF445dw Firmware | ||
| Canon MF448dw | ||
| Canon MF448dw Firmware | ||
| Canon MF449dw | ||
| Canon MF449dw Firmware | ||
| Canon MF543dw | ||
| Canon MF543dw Firmware | ||
| Canon MF451dw Firmware | ||
| Canon MF451dw Firmware | ||
| Canon MF452dw | ||
| Canon MF452DW Firmware | ||
| Canon MF453dw Firmware | ||
| Canon mf453dw firmware | ||
| Canon MF455dw Firmware | ||
| Canon MF455dw Firmware | ||
| Canon MF6160dw Firmware | ||
| Canon MF6160dw Firmware | ||
| Canon MF6180dw Firmware | ||
| Canon MF6180dw Firmware | ||
| Canon MF624Cdw Firmware | ||
| Canon MF624Cdw Firmware | ||
| Canon MF628Cdw Firmware | ||
| Canon MF628Cdw Firmware | ||
| Canon MF632Cdw | ||
| Canon MF632Cdw Firmware | ||
| Canon MF634Cdw | ||
| Canon MF634Cdw Firmware | ||
| Canon MF641CW Firmware | ||
| Canon MF641CW Firmware | ||
| Canon MF642Cdw | ||
| Canon MF642Cdw Firmware | ||
| Canon MF644Cdw Firmware | ||
| Canon imageCLASS MF644Cdw | ||
| Canon MF726Cdw Firmware | ||
| Canon MF726CDW | ||
| Canon MF729Cdw Firmware | ||
| Canon MF729Cdw Firmware | ||
| Canon MF731Cdw Firmware | ||
| Canon MF731CDW | ||
| Canon MF733Cdw Firmware | ||
| Canon MF733Cdw Firmware | ||
| Canon MF735Cdw Firmware | ||
| Canon MF735CDW | ||
| Canon MF741Cdw Firmware | ||
| Canon MF741CDW | ||
| Canon MF743Cdw Firmware | ||
| Canon MF743Cdw Firmware | ||
| Canon MF745Cdw Firmware | ||
| Canon MF745Cdw Firmware | ||
| Canon MF746Cdw | ||
| Canon MF746Cdw | ||
| Canon MF810CDN Firmware | ||
| Canon MF810CDN Firmware | ||
| Canon MF820CDN Firmware | ||
| Canon MF820CDN Firmware | ||
| Canon MF8280CW Firmware | ||
| Canon MF8280CW Firmware | ||
| Canon MF8580CDW Firmware | ||
| Canon MF8580CDW Firmware | ||
| Canon LBP1127C | ||
| Canon LBP1127C | ||
| Canon LBP1238 Firmware | ||
| Canon LBP1238 II | ||
| Canon LBP1238 Firmware | ||
| Canon LBP1238 II Firmware | ||
| Canon LBP214dw Firmware | ||
| Canon LBP214dw Firmware | ||
| Canon LBP215dw Firmware | ||
| Canon LBP215dw Firmware | ||
| Canon LBP226dw Firmware | ||
| Canon LBP226dw Firmware | ||
| Canon LBP227dw Firmware | ||
| Canon LBP227dw Firmware | ||
| Canon LBP228dw | ||
| Canon LBP228dw Firmware | ||
| Canon LBP236dw | ||
| Canon LBP236dw | ||
| Canon LBP237dw | ||
| Canon LBP237dw | ||
| Canon LBP251dw Firmware | ||
| Canon LBP251dw Firmware | ||
| Canon LBP253DW Firmware | ||
| Canon LBP253DW Firmware | ||
| Canon LBP612CDW | ||
| Canon LBP612CDW | ||
| Canon LBP622Cdw | ||
| Canon Color imageCLASS LBP622Cdw | ||
| Canon LBP623CDW Firmware | ||
| Canon LBP623CDW Firmware | ||
| Canon LBP654Cdw Firmware | ||
| Canon LBP654Cdw Firmware | ||
| Canon LBP664CDW Firmware | ||
| Canon LBP664CDW Firmware | ||
| Canon imageRUNNER 1435i firmware | ||
| Canon ir1435i firmware | ||
| Canon 1435if+ | ||
| Canon 1435if firmware | ||
| Canon 1435P+ Firmware | ||
| Canon 1435p+ | ||
| Canon 1435i+ firmware | ||
| Canon 1435i+ | ||
| Canon 1435if+ firmware | ||
| Canon 1435if+ | ||
| Canon 1435p+ firmware | ||
| Canon 1435p+ | ||
| Canon ImageRunner IR 1643i Firmware | ||
| Canon ir1643i firmware | ||
| Canon ImageRunner IR 1643IF Firmware | ||
| Canon ir1643if firmware | ||
| Canon WG7240 | ||
| Canon WG7240 | ||
| Canon WG7250 Firmware | ||
| Canon WG7250 Firmware | ||
| Canon WG7250F Firmware | ||
| Canon WG7250F Firmware | ||
| Canon WG7250Z Firmware | ||
| Canon WG7250Z Firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2022-24673?
CVE-2022-24673 is considered a critical vulnerability due to its potential for remote code execution without authentication.
How do I fix CVE-2022-24673?
To mitigate CVE-2022-24673, users should update their Canon imageCLASS MF644Cdw printers to the latest firmware provided by Canon.
Which products are affected by CVE-2022-24673?
CVE-2022-24673 specifically affects Canon imageCLASS MF644Cdw printers, among other models.
Can CVE-2022-24673 be exploited remotely?
Yes, CVE-2022-24673 can be exploited remotely as it does not require authentication.
What type of vulnerability is CVE-2022-24673?
CVE-2022-24673 is a buffer overflow vulnerability within the SLP protocol implementation in affected Canon printers.
- agent/references
- agent/type
- agent/weakness
- agent/severity
- agent/author
- agent/title
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- collector/zdi-advisory
- source/ZDI
- alias/ZDI-22-515
- alias/ZDI-CAN-15845
- alias/CVE-2022-24673
- agent/software-canonical-lookup
- agent/event
- agent/trending
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/canon
- canonical/canon imageclass mf644cdw
- canonical/canon d1620 firmware
- canonical/canon eos 77d firmware
- canonical/canon d1650 firmware
- canonical/canon d1520 firmware
- canonical/canon d1550 firmware
- canonical/canon mf1127c firmware
- canonical/canon mf1238 ii firmware
- canonical/canon mf1238 ii
- canonical/canon mf1643i ii firmware
- canonical/canon mf1643if ii firmware
- canonical/canon mf414dw firmware
- canonical/canon mf416dw firmware
- canonical/canon mf416dw
- canonical/canon mf419dw firmware
- canonical/canon mf515dw firmware
- canonical/canon mf424dw
- canonical/canon mf424dw firmware
- canonical/canon mf426dw firmware
- canonical/canon mf429dw firmware
- canonical/canon mf525dw firmware
- canonical/canon mf445dw firmware
- canonical/canon mf448dw
- canonical/canon mf448dw firmware
- canonical/canon mf449dw
- canonical/canon mf449dw firmware
- canonical/canon mf543dw
- canonical/canon mf543dw firmware
- canonical/canon mf451dw firmware
- canonical/canon mf452dw
- canonical/canon mf452dw firmware
- canonical/canon mf453dw firmware
- canonical/canon mf455dw firmware
- canonical/canon mf6160dw firmware
- canonical/canon mf6180dw firmware
- canonical/canon mf624cdw firmware
- canonical/canon mf628cdw firmware
- canonical/canon mf632cdw
- canonical/canon mf632cdw firmware
- canonical/canon mf634cdw
- canonical/canon mf634cdw firmware
- canonical/canon mf641cw firmware
- canonical/canon mf642cdw
- canonical/canon mf642cdw firmware
- canonical/canon mf644cdw firmware
- canonical/canon mf726cdw firmware
- canonical/canon mf726cdw
- canonical/canon mf729cdw firmware
- canonical/canon mf731cdw firmware
- canonical/canon mf731cdw
- canonical/canon mf733cdw firmware
- canonical/canon mf735cdw firmware
- canonical/canon mf735cdw
- canonical/canon mf741cdw firmware
- canonical/canon mf741cdw
- canonical/canon mf743cdw firmware
- canonical/canon mf745cdw firmware
- canonical/canon mf746cdw
- canonical/canon mf810cdn firmware
- canonical/canon mf820cdn firmware
- canonical/canon mf8280cw firmware
- canonical/canon mf8580cdw firmware
- canonical/canon lbp1127c
- canonical/canon lbp1238 firmware
- canonical/canon lbp1238 ii
- canonical/canon lbp1238 ii firmware
- canonical/canon lbp214dw firmware
- canonical/canon lbp215dw firmware
- canonical/canon lbp226dw firmware
- canonical/canon lbp227dw firmware
- canonical/canon lbp228dw
- canonical/canon lbp228dw firmware
- canonical/canon lbp236dw
- canonical/canon lbp237dw
- canonical/canon lbp251dw firmware
- canonical/canon lbp253dw firmware
- canonical/canon lbp612cdw
- canonical/canon lbp622cdw
- canonical/canon color imageclass lbp622cdw
- canonical/canon lbp623cdw firmware
- canonical/canon lbp654cdw firmware
- canonical/canon lbp664cdw firmware
- canonical/canon imagerunner 1435i firmware
- canonical/canon ir1435i firmware
- canonical/canon 1435if+
- canonical/canon 1435if firmware
- canonical/canon 1435p+ firmware
- canonical/canon 1435p+
- canonical/canon 1435i+ firmware
- canonical/canon 1435i+
- canonical/canon 1435if+ firmware
- canonical/canon imagerunner ir 1643i firmware
- canonical/canon ir1643i firmware
- canonical/canon imagerunner ir 1643if firmware
- canonical/canon ir1643if firmware
- canonical/canon wg7240
- canonical/canon wg7250 firmware
- canonical/canon wg7250f firmware
- canonical/canon wg7250z firmware