CVE-2024-2184 – A buffer overflow vulnerability in the WSD prob... (How to Fix)

Q: What is the severity of CVE-2024-2184?

CVE-2024-2184 has a CVSS score of 9.8 (CRITICAL). A buffer overflow vulnerability in the WSD probe request process of certain Canon multifunction and laser printers allows an attacker on the same network segment to crash the device or execute arbitrary code. This affects multiple Canon printer series sold in Japan, the US, and Europe. The vulnerability is remotely exploitable without authentication.

📋 TL;DR

A buffer overflow vulnerability in the WSD probe request process of certain Canon multifunction and laser printers allows an attacker on the same network segment to crash the device or execute arbitrary code. This affects multiple Canon printer series sold in Japan, the US, and Europe. The vulnerability is remotely exploitable without authentication.

💻 Affected Systems

Products:

Satera MF740C Series
Satera MF640C Series
Satera LBP660C Series
Satera LBP620C Series
Satera MF750C Series
Satera LBP670C Series
Color imageCLASS MF740C Series
Color imageCLASS MF640C Series
Color imageCLASS X MF1127C
Color imageCLASS LBP664Cdw
Color imageCLASS LBP622Cdw
Color imageCLASS X LBP1127C
Color imageCLASS MF750C Series
Color imageCLASS X MF1333C
Color imageCLASS LBP674Cdw
Color imageCLASS X LBP1333C
i-SENSYS MF740C Series
i-SENSYS MF640C Series
C1127i Series
i-SENSYS LBP660C Series
i-SENSYS LBP620C Series
C1127P
i-SENSYS MF750C Series
C1333i Series
i-SENSYS LBP673Cdw
C1333P

Versions: v12.07 and earlier for some models, v03.09 and earlier for others

Operating Systems: Printer firmware

Default Config Vulnerable: ⚠️ Yes

Notes: Affects specific firmware versions sold in different regions (Japan, US, Europe). WSD (Web Services on Devices) protocol must be enabled, which is often default.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).

🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.

Recommended Actions:

Review the CVE details at NVD
Check vendor security advisories for your specific version
Test if the vulnerability is exploitable in your environment
Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution with full control of the printer, potentially leading to lateral movement into the network, data exfiltration, or persistent backdoor installation.

🟠

Likely Case

Denial of service causing the printer to become unresponsive, disrupting printing services and requiring a reboot.

🟢

If Mitigated

Limited impact if printers are isolated on a separate VLAN with strict network access controls, preventing unauthorized network access.

🌐 Internet-Facing: LOW

🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploitation requires network access to the printer's WSD service. No authentication is needed, making it straightforward for attackers on the same network segment.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Canon advisory for specific model updates (e.g., firmware versions beyond v12.07 or v03.09 as applicable)

Vendor Advisory: https://psirt.canon/advisory-information/cp2024-002/

Restart Required: Yes

Instructions:

1. Identify the exact printer model and current firmware version.
2. Visit the Canon advisory URL to find the patched firmware version for your model.
3. Download the firmware update from Canon's official support site.
4. Follow Canon's instructions to apply the firmware update via the printer's web interface or USB.
5. Reboot the printer after the update completes.

🔧 Temporary Workarounds

Disable WSD Protocol

all

Turn off the Web Services on Devices (WSD) protocol to block the vulnerable probe request process.

Network Segmentation

all

Isolate printers on a separate VLAN with strict firewall rules to limit access to trusted hosts only.

🧯 If You Can't Patch

Implement strict network access controls to limit printer access to authorized IP addresses only.
Monitor network traffic for unusual WSD probe requests or attempts to exploit the buffer overflow.

🔍 How to Verify

Check if Vulnerable:

Check the printer's firmware version via its web interface or control panel and compare with affected versions listed in the Canon advisory.

Check Version:

Access the printer's web interface (e.g., http://<printer-ip>) and navigate to the firmware or system information page to view the version.

Verify Fix Applied:

Confirm the firmware version has been updated to a patched version as specified in the Canon advisory.

📡 Detection & Monitoring

Log Indicators:

Printer logs showing crashes or reboots after WSD requests
Unusual network traffic to printer ports (typically TCP/3702 for WSD)

Network Indicators:

Excessive or malformed WSD probe requests to printer IPs
Traffic patterns indicative of buffer overflow attempts

SIEM Query:

source_ip="*" AND dest_ip="<printer_ip>" AND dest_port=3702 AND (payload_size>normal OR protocol_anomaly)

📊 Metadata

CVE ID: CVE-2024-2184

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-787

Published: March 11, 2024

Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-2184, you might also want to check these: