We identified Pre-auth RCE vulnerabilities in Canon printers (CVE-2023-0853, CVE-2023-0854) and also discovered Pre-auth RCE flaws in HP printers, which led to our achievement of the Master of Pwn title at Pwn2Own Toronto 2022. This article will detail the vulnerabilities and exploitation methods for both Canon and HP printers.
In 2021, we found Pre-auth RCE vulnerabilities(CVE-2022-24673 and CVE-2022-3942) in Canon and HP printers, and vulnerability(CVE-2021-44734) in Lexmark. We used these vulnerabilities to exploit Canon ImageCLASS MF644Cdw, HP Color LaserJet Pro MFP M283fdw and Lexmark MC3224i in Pwn2Own Austin 2021. Following we will describe the details of the Canon and HP vulnerabilities and exploitation.
We have successfully found a serious vulnerability in the NAS, and successfully wrote a proof-of-concept, which proved that it can be exploited on many NAS such as Synology, QNAP and Asustor.
