CVE-2023-1764: CP2023-002 Vulnerabilities of IJ Network Tool regarding Wi-Fi connection setup

Description

A couple of vulnerabilities have been identified for IJ Network Tool (Hereafter, the Software). These vulnerabilities suggest the possibility that an attacker connected to the same network as the printer may be able to acquire sensitive information on the Wi-Fi connection setup of the printer by using the Software or by referring to its communication.

Affected Products/Versions

IJ Network Tool/Ver.4.7.5 and earlier (supported OS: OS X 10.9.5-macOS 13)

IJ Network Tool/Ver.4.7.3 and earlier (supported OS: OS X 10.7.5-OS X 10.8)

CVE/CVSS

CVE-2023-1763:

Acquisition of sensitive information on the Wi-Fi connection setup of the printer from the Software

CVSS v3 CVSS: 3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Base Score: 6.5

CVE-2023-1764:

Acquisition of sensitive information on the Wi-Fi connection setup of the printer from the communication of the Software

CVSS v3 CVSS: 3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Base Score: 6.5

Mitigation/Remediation

For CVE-2023-1763:

The workaround for this vulnerability is to use printers with a trusted network connection. Please refer here for “Securing products when connecting to a network”. In addition, the Software designed to address this issue will be released accordingly.

For CVE-2023-1764:

The workaround for this vulnerability is to use printers with a trusted network connection. Please refer here for “Securing products when connecting to a network”.