Hundreds of HP printer models contain vulnerabilities that allow remote code execution attacks
HP has issued security warnings for three critical vulnerabilities affecting hundreds of LaserJet Pro, Pagewide Pro, OfficeJet, Enterprise, Large Format, and DeskJet printer models.
The first warning is about a buffer overflow vulnerability that could lead to remote code execution on affected machines. This vulnerability is tracked under code CVE-2022-3942 and reported by Trend Micro's Zero Day Initiative team. HP assesses this vulnerability at a serious level, although according to the CVSS scale it only reaches 8.4 points, corresponding to a high level of danger.
HP has now released firmware security updates for most of the affected products. For unpatched models, HP provides mitigation instructions that primarily revolve around disabling LLMNR in network settings.
The next holes
HP's second warning talks about two particularly critical vulnerabilities and one critical vulnerability that can be exploited for information disclosure, remote code execution, and denial of service.
These three vulnerabilities are tracked under the codes CVE-2022-24291 (high severity: 7.5 points), CVE-2022-24292 (special severity: 9.8 points), and CVE-2022- 24293 (severe severity: 9.8 points). These vulnerabilities were also discovered by the Zero Day Initiative team.
In this case, the advice given is to update your printer's firmware to the specified version. However, not all printer models are provided with patch updates.
Currently, there is no fix for LaserJet Pro models. HP only marked these models as pending, so an update may be rolling out in the future.
You should read it
- 'Printer Catastrophe' Vulnerability Threatens All Versions of Windows
- Detecting an 8-year-old security flaw, affecting 150 HP printer models
- If you hack HP's printer, you will receive $ 10,000
- Detect a rare vulnerability that causes problems with the printer on Windows 10
- How to share a printer via LAN
- Discovered a new zero-day vulnerability on macOS that allows attackers to run commands remotely
- The best 3D printers 2019
- Immediately patch CWP vulnerability that allows code execution as root on Linux servers
- VMware patches RCE Spring4Shell vulnerability on a wide range of products
- Log4Shell zero-day vulnerability discovered, the new nightmare of enterprises
- Common HP printer error codes and how to fix HP printer errors
- Inkjet (inkjet) and laser printers: Which type is right for you?
Maybe you are interested
Top 7 best vertical mouse models worth owning in 2024
Apple adds several iPhone and Watch models to its obsolete product list
Series of DrayTek router models have security holes
Pixel 9's new AI features could soon expand to older models
Top 6 smart ring models today
The 5 most popular Apple Watch models of all time