Hostess

**Name of the Vulnerable Software and Affected Versions** Canon MG3100 version Canon MG5300 version Canon MG6100 version Canon MP495 version Canon MX340 version Canon MX870 version Canon MX890 version Canon MX920 version Canon MX922 version **Description** The issue allows physically proximate attackers to obtain sensitive information by reading the screen of an unattended workstation. This is because the English/pages MacUS/wls set content.html page on the affected Canon printers shows the Wi-Fi PSK passphrase in cleartext. **Recommendations** For Canon MG3100, ensure the workstation is attended at all times to prevent unauthorized access to the screen. For Canon MG5300, ensure the workstation is attended at all times to prevent unauthorized access to the screen. For Canon MG6100, ensure the workstation is attended at all times to prevent unauthorized access to the screen. For Canon MP495, ensure the workstation is attended at all times to prevent unauthorized access to the screen. For Canon MX340, ensure the workstation is attended at all times to prevent unauthorized access to the screen. For Canon MX870, ensure the workstation is attended at all times to prevent unauthorized access to the screen. For Canon MX890, ensure the workstation is attended at all times to prevent unauthorized access to the screen. For Canon MX920, ensure the workstation is attended at all times to prevent unauthorized access to the screen. For Canon MX922, ensure the workstation is attended at all times to prevent unauthorized access to the screen.

**Name of the Vulnerable Software and Affected Versions** Canon MG3100 Canon MG5300 Canon MG6100 Canon MP495 Canon MX340 Canon MX870 Canon MX890 Canon MX920 Canon MX922 **Description** The issue allows remote attackers to cause a denial of service, resulting in a device hang, by sending a crafted `LAN TXT24` parameter to the "English/pages MacUS/cgi lan.cgi" API endpoint, followed by a direct request to "English/pages MacUS/lan set content.html". **Recommendations** For each of the affected Canon printer models, consider restricting access to the `cgi lan.cgi` and `lan set content.html` endpoints to minimize the risk of exploitation. As a temporary workaround, avoid using the `LAN TXT24` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.