CVE-2025-2146

May 26, 2025, 12:15 a.m.

9.8
Critical

Description

Buffer overflow in WebService Authentication processing of Small Office Multifunction Printers and Laser Printers (*), which may allow an attacker on the network segment to make the affected product unresponsive or to execute arbitrary code.

(*) Affected models:

  • Sold in Japan, firmware v05.07 and earlier: Satera MF656Cdw, Satera MF654Cdw, Satera MF551dw, Satera MF457dw.
  • Sold in US, firmware v05.07 and earlier: Color imageCLASS MF656Cdw, Color imageCLASS MF654Cdw, Color imageCLASS MF653Cdw, Color imageCLASS MF652Cdw, Color imageCLASS LBP633Cdw, Color imageCLASS LBP632Cdw, imageCLASS MF455dw, imageCLASS MF453dw, imageCLASS MF452dw, imageCLASS MF451dw, imageCLASS LBP237dw, imageCLASS LBP236dw, imageCLASS X MF1238 II, imageCLASS X MF1643i II, imageCLASS X MF1643iF II, imageCLASS X LBP1238 II.
  • Sold in Europe, firmware v05.07 and earlier: i-SENSYS MF657Cdw, i-SENSYS MF655Cdw, i-SENSYS MF651Cdw, i-SENSYS LBP633Cdw, i-SENSYS LBP631Cdw, i-SENSYS MF553dw, i-SENSYS MF552dw, i-SENSYS MF455dw, i-SENSYS MF453dw, i-SENSYS LBP236dw, i-SENSYS LBP233dw, imageRUNNER 1643iF II, imageRUNNER 1643i II, i-SENSYS X 1238iF II, i-SENSYS X 1238i II, i-SENSYS X 1238P II, i-SENSYS X 1238Pr II.

Product(s) Impacted

Vendor  Product                     Versions
Canon   Satera MF656Cdw             5.07
Canon   Satera MF654Cdw             5.07
Canon   Satera MF551dw              5.07
Canon   Satera MF457dw              5.07
Canon   Color imageCLASS MF656Cdw   5.07
Canon   Color imageCLASS MF654Cdw   5.07
Canon   Color imageCLASS MF653Cdw   5.07
Canon   Color imageCLASS MF652Cdw   5.07
Canon   Color imageCLASS LBP633Cdw  5.07
Canon   Color imageCLASS LBP632Cdw  5.07
Canon   imageCLASS MF455dw          5.07
Canon   imageCLASS MF453dw          5.07
Canon   imageCLASS MF452dw          5.07
Canon   imageCLASS MF451dw          5.07
Canon   imageCLASS LBP237dw         5.07
Canon   imageCLASS LBP236dw         5.07
Canon   X MF1238 II                 5.07
Canon   X MF1643i II                5.07
Canon   X MF1643iF II               5.07
Canon   X LBP1238 II                5.07
Canon   i-SENSYS MF657Cdw           5.07
Canon   i-SENSYS MF655Cdw           5.07
Canon   i-SENSYS MF651Cdw           5.07
Canon   i-SENSYS LBP633Cdw          5.07
Canon   i-SENSYS LBP631Cdw          5.07
Canon   i-SENSYS MF553dw            5.07
Canon   i-SENSYS MF552dw            5.07
Canon   i-SENSYS MF455dw            5.07
Canon   i-SENSYS MF453dw            5.07
Canon   i-SENSYS LBP236dw           5.07
Canon   i-SENSYS LBP233dw           5.07
Canon   imageRUNNER 1643iF II       5.07
Canon   imageRUNNER 1643i II        5.07
Canon   i-SENSYS X 1238iF II        5.07
Canon   i-SENSYS X 1238i II         5.07
Canon   i-SENSYS X 1238P II         5.07
Canon   i-SENSYS X 1238Pr II        5.07

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-787
Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.

*CPE(s)

Affected systems and software identified for this CVE.

Type Vendor Product Version Update Edition Language Software Edition Target Software Target Hardware Other Information
a canon satera_mf656cdw 5.07 / / / / / / /
a canon satera_mf654cdw 5.07 / / / / / / /
a canon satera_mf551dw 5.07 / / / / / / /
a canon satera_mf457dw 5.07 / / / / / / /
a canon color_imageclass_mf656cdw 5.07 / / / / / / /
a canon color_imageclass_mf654cdw 5.07 / / / / / / /
a canon color_imageclass_mf653cdw 5.07 / / / / / / /
a canon color_imageclass_mf652cdw 5.07 / / / / / / /
a canon color_imageclass_lbp633cdw 5.07 / / / / / / /
a canon color_imageclass_lbp632cdw 5.07 / / / / / / /
a canon imageclass_mf455dw 5.07 / / / / / / /
a canon imageclass_mf453dw 5.07 / / / / / / /
a canon imageclass_mf452dw 5.07 / / / / / / /
a canon imageclass_mf451dw 5.07 / / / / / / /
a canon imageclass_lbp237dw 5.07 / / / / / / /
a canon imageclass_lbp236dw 5.07 / / / / / / /
a canon x_mf1238_ii 5.07 / / / / / / /
a canon x_mf1643i_ii 5.07 / / / / / / /
a canon x_mf1643if_ii 5.07 / / / / / / /
a canon x_lbp1238_ii 5.07 / / / / / / /
a canon i-sensys_mf657cdw 5.07 / / / / / / /
a canon i-sensys_mf655cdw 5.07 / / / / / / /
a canon i-sensys_mf651cdw 5.07 / / / / / / /
a canon i-sensys_lbp633cdw 5.07 / / / / / / /
a canon i-sensys_lbp631cdw 5.07 / / / / / / /
a canon i-sensys_mf553dw 5.07 / / / / / / /
a canon i-sensys_mf552dw 5.07 / / / / / / /
a canon i-sensys_mf455dw 5.07 / / / / / / /
a canon i-sensys_mf453dw 5.07 / / / / / / /
a canon i-sensys_lbp236dw 5.07 / / / / / / /
a canon i-sensys_lbp233dw 5.07 / / / / / / /
a canon imagerunner_1643if_ii 5.07 / / / / / / /
a canon imagerunner_1643i_ii 5.07 / / / / / / /
a canon i-sensys_x_1238if_ii 5.07 / / / / / / /
a canon i-sensys_x_1238i_ii 5.07 / / / / / / /
a canon i-sensys_x_1238p_ii 5.07 / / / / / / /
a canon i-sensys_x_1238pr_ii 5.07 / / / / / / /

CVSS Score

9.8 / 10

CVSS Data - 3.1

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH
  • CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Timeline

Published: May 26, 2025, 12:15 a.m.
Last Modified: May 26, 2025, 12:15 a.m.

Status: Received

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

f98c90f0-e9bd-4fa7-911b-51993f3571fd

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.