[English]Warning to owners of Canon printers who want to take them out of service and sell them – or who operate the devices in WLAN and then have to give them for repair. Manufacturer Canon currently warns that certain devices (inkjet printers of the E-, G- or MX-series, etc.) reveal the WLAN password stored for operation to third parties due to a security vulnerability. Affected are inkjet printers for home use as well as devices for business use in offices.
Canon's warning CP2023-003 (Vulnerability Mitigation/Remediation for Inkjet Printers (Home and Office/Large Format) is dated July 31, 2023 and informs device owners about a security issue. It states that sensitive Wi-Fi connection setting (WLAN) information stored in the memories of inkjet printers (Home and Office/Large Format) may not be deleted through the usual initialization process. This poses the risk of unauthorized third parties gaining possession of the WLAN access data when the device is sold or repaired.
How to mitigate?
If the printer is to be sold to a third party (e.g. if the printer is to be repaired, lost, or disposed of), the following steps should be performed on the printer unit:to prevent the leakage of these credentials.
- Reset all settings (Reset Settings -> Reset All)
- Enable the wireless LAN
- Reset all settings one more time
For models that do not have the Reset All Settings function, the following steps must be performed:
- Reset LAN settings
- Activate the wireless LAN
- Reset LAN settings one more time
Details of these steps should be available in the user's manual for the specific model. Which models (e.g. E-, G- or MX-series inkjet printers, etc.) are affected can be found in this Canon document.
