This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Canon imageCLASS MF644Cdw 10.02 printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the CADM service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-15802.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | ||||||
|---|---|---|---|---|---|---|---|---|---|
| Canon | imageCLASS MF644Cdw | affected |
|
Configuration 1 [-]
| AND |
|
Configuration 2 [-]
| AND |
|
Configuration 3 [-]
| AND |
|
Configuration 4 [-]
| AND |
|
Configuration 5 [-]
| AND |
|
Configuration 6 [-]
| AND |
|
Configuration 7 [-]
| AND |
|
Configuration 8 [-]
| AND |
|
Configuration 9 [-]
| AND |
|
Configuration 10 [-]
| AND |
|
Configuration 11 [-]
| AND |
|
Configuration 12 [-]
| AND |
|
Configuration 13 [-]
| AND |
|
Configuration 14 [-]
| AND |
|
Configuration 15 [-]
| AND |
|
Configuration 16 [-]
| AND |
|
Configuration 17 [-]
| AND |
|
Configuration 18 [-]
| AND |
|
Configuration 19 [-]
| AND |
|
Configuration 20 [-]
| AND |
|
Configuration 21 [-]
| AND |
|
Configuration 22 [-]
| AND |
|
Configuration 23 [-]
| AND |
|
Configuration 24 [-]
| AND |
|
Configuration 25 [-]
| AND |
|
Configuration 26 [-]
| AND |
|
Configuration 27 [-]
| AND |
|
Configuration 28 [-]
| AND |
|
Configuration 29 [-]
| AND |
|
Configuration 30 [-]
| AND |
|
Configuration 31 [-]
| AND |
|
Configuration 32 [-]
| AND |
|
Configuration 33 [-]
| AND |
|
Configuration 34 [-]
| AND |
|
Configuration 35 [-]
| AND |
|
Configuration 36 [-]
| AND |
|
Configuration 37 [-]
| AND |
|
Configuration 38 [-]
| AND |
|
Configuration 39 [-]
| AND |
|
Configuration 40 [-]
| AND |
|
Configuration 41 [-]
| AND |
|
Configuration 42 [-]
| AND |
|
Configuration 43 [-]
| AND |
|
Configuration 44 [-]
| AND |
|
Configuration 45 [-]
| AND |
|
Configuration 46 [-]
| AND |
|
Configuration 47 [-]
| AND |
|
Configuration 48 [-]
| AND |
|
Configuration 49 [-]
| AND |
|
Configuration 50 [-]
| AND |
|
Configuration 51 [-]
| AND |
|
Configuration 52 [-]
| AND |
|
Configuration 53 [-]
| AND |
|
Configuration 54 [-]
| AND |
|
Configuration 55 [-]
| AND |
|
Configuration 56 [-]
| AND |
|
Configuration 57 [-]
| AND |
|
Configuration 58 [-]
| AND |
|
Configuration 59 [-]
| AND |
|
Configuration 60 [-]
| AND |
|
Configuration 61 [-]
| AND |
|
Configuration 62 [-]
| AND |
|
Configuration 63 [-]
| AND |
|
Configuration 64 [-]
| AND |
|
Configuration 65 [-]
| AND |
|
Configuration 66 [-]
| AND |
|
Configuration 67 [-]
| AND |
|
Configuration 68 [-]
| AND |
|
Configuration 69 [-]
| AND |
|
Configuration 70 [-]
| AND |
|
Configuration 71 [-]
| AND |
|
Configuration 72 [-]
| AND |
|
Configuration 73 [-]
| AND |
|
Configuration 74 [-]
| AND |
|
Configuration 75 [-]
| AND |
|
Configuration 76 [-]
| AND |
|
No data.
No data.
Project Subscriptions
| Vendors | Products |
|---|---|
|
Canon
Subscribe
|
1435i\+
Subscribe
1435i\+ Firmware
Subscribe
1435if
Subscribe
1435if\+
Subscribe
1435if\+ Firmware
Subscribe
1435if Firmware
Subscribe
1435p
Subscribe
1435p\+
Subscribe
1435p\+ Firmware
Subscribe
1435p Firmware
Subscribe
D1520
Subscribe
D1520 Firmware
Subscribe
D1550
Subscribe
D1550 Firmware
Subscribe
D1620
Subscribe
D1620 Firmware
Subscribe
D1650
Subscribe
D1650 Firmware
Subscribe
Ir1435i
Subscribe
Ir1435i Firmware
Subscribe
Ir1643i
Subscribe
Ir1643i Firmware
Subscribe
Ir1643if
Subscribe
Ir1643if Firmware
Subscribe
Lbp1127c
Subscribe
Lbp1127c Firmware
Subscribe
Lbp1238
Subscribe
Lbp1238 Firmware
Subscribe
Lbp1238 Ii
Subscribe
Lbp1238 Ii Firmware
Subscribe
Lbp214dw
Subscribe
Lbp214dw Firmware
Subscribe
Lbp215dw
Subscribe
Lbp215dw Firmware
Subscribe
Lbp226dw
Subscribe
Lbp226dw Firmware
Subscribe
Lbp227dw
Subscribe
Lbp227dw Firmware
Subscribe
Lbp228dw
Subscribe
Lbp228dw Firmware
Subscribe
Lbp236dw
Subscribe
Lbp236dw Firmware
Subscribe
Lbp237dw
Subscribe
Lbp237dw Firmware
Subscribe
Lbp251dw
Subscribe
Lbp251dw Firmware
Subscribe
Lbp253dw
Subscribe
Lbp253dw Firmware
Subscribe
Lbp612cdw
Subscribe
Lbp612cdw Firmware
Subscribe
Lbp622cdw
Subscribe
Lbp622cdw Firmware
Subscribe
Lbp623cdw
Subscribe
Lbp623cdw Firmware
Subscribe
Lbp654cdw
Subscribe
Lbp654cdw Firmware
Subscribe
Lbp664cdw
Subscribe
Lbp664cdw Firmware
Subscribe
Mf1127c
Subscribe
Mf1127c Firmware
Subscribe
Mf1238
Subscribe
Mf1238 Firmware
Subscribe
Mf1238 Ii
Subscribe
Mf1238 Ii Firmware
Subscribe
Mf1643i Ii
Subscribe
Mf1643i Ii Firmware
Subscribe
Mf1643if Ii
Subscribe
Mf1643if Ii Firmware
Subscribe
Mf414dw
Subscribe
Mf414dw Firmware
Subscribe
Mf416dw
Subscribe
Mf416dw Firmware
Subscribe
Mf419dw
Subscribe
Mf419dw Firmware
Subscribe
Mf424dw
Subscribe
Mf424dw Firmware
Subscribe
Mf426dw
Subscribe
Mf426dw Firmware
Subscribe
Mf429dw
Subscribe
Mf429dw Firmware
Subscribe
Mf445dw
Subscribe
Mf445dw Firmware
Subscribe
Mf448dw
Subscribe
Mf448dw Firmware
Subscribe
Mf449dw
Subscribe
Mf449dw Firmware
Subscribe
Mf451dw
Subscribe
Mf451dw Firmware
Subscribe
Mf452dw
Subscribe
Mf452dw Firmware
Subscribe
Mf453dw
Subscribe
Mf453dw Firmware
Subscribe
Mf455dw
Subscribe
Mf455dw Firmware
Subscribe
Mf515dw
Subscribe
Mf515dw Firmware
Subscribe
Mf525dw
Subscribe
Mf525dw Firmware
Subscribe
Mf543dw
Subscribe
Mf543dw Firmware
Subscribe
Mf6160dw
Subscribe
Mf6160dw Firmware
Subscribe
Mf6180dw
Subscribe
Mf6180dw Firmware
Subscribe
Mf624cdw
Subscribe
Mf624cdw Firmware
Subscribe
Mf628cdw
Subscribe
Mf628cdw Firmware
Subscribe
Mf632cdw
Subscribe
Mf632cdw Firmware
Subscribe
Mf634cdw
Subscribe
Mf634cdw Firmware
Subscribe
Mf641cw
Subscribe
Mf641cw Firmware
Subscribe
Mf642cdw
Subscribe
Mf642cdw Firmware
Subscribe
Mf644cdw
Subscribe
Mf644cdw Firmware
Subscribe
Mf726cdw
Subscribe
Mf726cdw Firmware
Subscribe
Mf729cdw
Subscribe
Mf729cdw Firmware
Subscribe
Mf731cdw
Subscribe
Mf731cdw Firmware
Subscribe
Mf733cdw
Subscribe
Mf733cdw Firmware
Subscribe
Mf735cdw
Subscribe
Mf735cdw Firmware
Subscribe
Mf741cdw
Subscribe
Mf741cdw Firmware
Subscribe
Mf743cdw
Subscribe
Mf743cdw Firmware
Subscribe
Mf745cdw
Subscribe
Mf745cdw Firmware
Subscribe
Mf746cdw
Subscribe
Mf746cdw Firmware
Subscribe
Mf810cdn
Subscribe
Mf810cdn Firmware
Subscribe
Mf820cdn
Subscribe
Mf820cdn Firmware
Subscribe
Mf8280cw
Subscribe
Mf8280cw Firmware
Subscribe
Mf8580cdw
Subscribe
Mf8580cdw Firmware
Subscribe
Wg7240
Subscribe
Wg7240 Firmware
Subscribe
Wg7250
Subscribe
Wg7250 Firmware
Subscribe
Wg7250f
Subscribe
Wg7250f Firmware
Subscribe
Wg7250z
Subscribe
Wg7250z Firmware
Subscribe
|
Advisories
| Source | ID | Title |
|---|---|---|
 EUVD |
EUVD-2022-29544 | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Canon imageCLASS MF644Cdw 10.02 printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the CADM service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-15802. |
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
Wed, 19 Feb 2025 16:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Projects
Sign in to view the affected projects.
MITRE
Status: PUBLISHED
Assigner: zdi
Published:
Updated: 2025-02-19T15:41:43.674Z
Reserved: 2022-02-08T00:00:00.000Z
Link: CVE-2022-24672
Vulnrichment
Updated: 2024-08-03T04:20:49.127Z
NVD
Status : Modified
Published: 2023-03-28T19:15:10.727
Modified: 2024-11-21T06:50:50.187
Link: CVE-2022-24672
Redhat
No data.
OpenCVE Enrichment
No data.