Published: 2025/05/21  Last Updated: 2025/05/21

JVNVU#99563104
Passback vulnerabilities in Canon Production Printers, Office/Small Office Multifunction Printers, and Laser Printers

Overview

Passback vulnerabilities have been reported in Canon Production Printers, Office/Small Office Multifunction Printers, and Laser Printers.

Products Affected

A wide range of products and versions are affected.
For more information, refer to the "Vendor Status" section below.

Description

Production Printers, Office/Small Office Multifunction Printers, and Laser Printers provided by Canon Inc. do not implement sufficient protection on credential information (CWE-522).

  • CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N Base Score 6.3
  • CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N Base Score 8.7
  • CVE-2025-3078, CVE-2025-3079

Impact

When an affected device is configured to communicate with an external system (e.g., SMTP server or LDAP server), an administrative user may obtain the credential information of that external system by directing the device to send the credential information in plain text form.
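A defensive check that follows from the impact described above, given as an added example (not code from Canon or JPCERT/CC): it compares two device configuration snapshots and flags any external service that still holds a stored credential but now points at a different host or has lost transport encryption. The snapshot layout, transport labels, device names and hostnames are assumptions constructed for illustration.

```python
# Added example; not Canon's or JPCERT/CC's code. The snapshot layout, device
# names and hostnames below are constructed for illustration.

# Transport labels (assumed) under which the bind/AUTH exchange is encrypted.
ENCRYPTED = {"ldaps", "starttls", "smtps"}

def passback_indicators(baseline, current):
    """Compare two config snapshots keyed by (device, service).

    Flags services that still hold a stored credential but now point at a
    different host or have lost transport encryption.
    """
    findings = []
    for key, now in sorted(current.items()):
        before = baseline.get(key)
        # New services are outside this check: there is no earlier setting
        # to compare with. Services without a stored credential are skipped.
        if before is None or not now["stored_credential"]:
            continue
        if now["host"].lower() != before["host"].lower():
            findings.append((key, "destination changed", before["host"], now["host"]))
        if before["transport"] in ENCRYPTED and now["transport"] not in ENCRYPTED:
            findings.append((key, "transport downgraded", before["transport"], now["transport"]))
    return findings

# Constructed snapshots: last approved configuration vs. latest export.
BASELINE = {
    ("prn-01", "ldap"): {"host": "ldap.corp.example", "transport": "ldaps", "stored_credential": True},
    ("prn-01", "smtp"): {"host": "mail.corp.example", "transport": "starttls", "stored_credential": True},
    ("prn-02", "ldap"): {"host": "ldap.corp.example", "transport": "ldaps", "stored_credential": True},
}
CURRENT = {
    ("prn-01", "ldap"): {"host": "LDAP.corp.example", "transport": "ldaps", "stored_credential": True},
    ("prn-01", "smtp"): {"host": "mail.corp.example", "transport": "plain", "stored_credential": True},
    ("prn-02", "ldap"): {"host": "192.0.2.50", "transport": "plain", "stored_credential": True},
    ("prn-03", "smtp"): {"host": "mail.corp.example", "transport": "plain", "stored_credential": True},
}

if __name__ == "__main__":
    for (device, service), reason, old, new in passback_indicators(BASELINE, CURRENT):
        print(f"{device} {service}: {reason} ({old} -> {new})")
```
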

Solution

Apply the Workaround
The developer recommends applying the workarounds to avoid access from third parties.
For details, refer to the information provided by the developer.

Credit

Canon Inc. reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.
