Critical RCE in Canon imageCLASS MF654Cdw (CVE‑2025‑14236) Enables Remote Code Execution on Network‑Adjacent Printers
What It Is – A stack‑based buffer overflow in the dtdc_addr_importSub routine of Canon’s imageCLASS MF654Cdw multifunction printer lets an attacker on the same network segment write beyond a fixed‑size stack buffer and execute arbitrary code on the device.
Exploitability – Demonstrated live at the Pwn2Own competition; no authentication or user interaction required. CVSS 3.1 base score 8.8 (AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
Affected Products – Canon imageCLASS MF654Cdw (all firmware versions prior to the Canon‑issued update).
TPRM (Third‑Party Risk Management) Impact –
- Compromised printers can serve as footholds for lateral movement across corporate networks.
- Sensitive documents may be intercepted, altered, or exfiltrated.
- Organizations with large printer fleets carry this exposure on every unpatched unit, a supply‑chain risk that can affect compliance and audit posture.
Recommended Actions –
- Deploy Canon’s firmware patch immediately on all MF654Cdw units.
- Isolate printers on a dedicated VLAN and enforce strict firewall rules limiting inbound traffic.
- Disable services that are not required (e.g., the web admin interface, SNMP).
- Conduct a full inventory of Canon MF654Cdw devices and verify patch status.
- Implement continuous monitoring for anomalous traffic to printer IPs.
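An added example, not from the advisory or from Canon, of the segmentation and monitoring checks recommended above, run over constructed flow records. It assumes a printer VLAN, one print server, the raw/IPP/LPD print ports, the web‑admin/SNMP ports and a firmware‑update host (all invented values), and it flags inbound access from outside the segment, admin‑service exposure and printer‑initiated connections, the foothold pattern described under TPRM Impact.

```python
import re
from collections import namedtuple
from ipaddress import ip_address, ip_network
# Constructed policy (assumed values, not from the advisory): printers sit on their own
# VLAN, only the print server reaches them on print ports, and they only call the update host.
PRINTER_VLAN = ip_network("10.20.30.0/24")
PRINT_SERVERS = {ip_address("10.10.5.20")}
PRINT_PORTS = {9100, 631, 515}           # raw, IPP, LPD
ADMIN_PORTS = {80, 443, 161}             # web admin and SNMP, to be disabled if unused
UPDATE_HOSTS = {ip_address("10.10.5.21")}

Flow = namedtuple("Flow", "src dst dport")
LOG_RE = re.compile(r"src=([\d.]+) dst=([\d.]+) dport=(\d+)")

def parse_flows(lines):
    """Parse 'src=.. dst=.. dport=..' records; lines without those fields are skipped."""
    out = []
    for line in lines:
        m = LOG_RE.search(line)
        if m:
            out.append(Flow(m.group(1), m.group(2), int(m.group(3))))
    return out

def classify(flow):
    """Label a flow that violates the printer-segment policy; None if it is expected."""
    src, dst = ip_address(flow.src), ip_address(flow.dst)
    src_p, dst_p = src in PRINTER_VLAN, dst in PRINTER_VLAN
    if dst_p and not src_p:
        if flow.dport in ADMIN_PORTS:
            return "admin-service-reachable"  # web admin / SNMP exposed beyond the VLAN
        if src not in PRINT_SERVERS or flow.dport not in PRINT_PORTS:
            return "unexpected-inbound"
    elif src_p and not dst_p and dst not in UPDATE_HOSTS:
        return "printer-initiated-egress"     # the lateral-movement pattern the advisory warns about
    elif src_p and dst_p:
        return "printer-to-printer"           # printers have no reason to talk to each other
    return None

def audit(lines):
    # (flow, label) pairs for every record that needs analyst attention
    return [(f, lab) for f in parse_flows(lines) if (lab := classify(f))]

# Constructed sample records: one legitimate print job followed by three violations.
SAMPLE_LOG = [
    "2025-01-01T10:00:00Z src=10.10.5.20 dst=10.20.30.7 dport=9100 action=accept",
    "2025-01-01T10:00:05Z src=10.10.7.33 dst=10.20.30.7 dport=80 action=accept",
    "2025-01-01T10:01:00Z src=10.20.30.7 dst=10.10.7.40 dport=445 action=accept",
    "2025-01-01T10:01:02Z src=10.20.30.7 dst=10.20.30.8 dport=9100 action=accept",
]
```

Feed `audit()` the flow records exported from the firewall that fronts the printer VLAN; the same policy constants double as the allow‑list for the VLAN's inbound rules.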