Canon have warned that nearly 200 of their home, office, and large-format inkjet printer models have a bug which means network details are not necessarily wiped when you do a factory reset. This could be an issue if you hand your printer off to a third-party, such as sell it, get it repaired, or lend it to someone. Anyone with the requisite knowledge could extract your network’s credentials from the printer and then use them to infiltrate your network.
Canon recommend that you manually erase Wi-Fi settings before giving it to someone else. For some models this can be done by:
- Reset all settings (Reset settings -> Reset all)
- Enable the wireless LAN
- Reset all settings again.
If the printer does not have a “Reset all” option in the menu, then look for:
- Reset LAN settings
- Enable the wireless LAN
- Reset LAN settings again.
Canon recommend you consult your printer’s manual if your printer has none of these menu options.
The full list of affected printer models can be seen here.
The original Canon security advisory can be seen here.