Hundreds of HP printer models contain vulnerabilities that allow remote code execution attacks

HP has issued security warnings for three critical vulnerabilities affecting hundreds of LaserJet Pro, Pagewide Pro, OfficeJet, Enterprise, Large Format, and DeskJet printer models.

The first warning is about a buffer overflow vulnerability that could lead to remote code execution on affected machines. This vulnerability is tracked under code CVE-2022-3942 and reported by Trend Micro's Zero Day Initiative team. HP assesses this vulnerability at a serious level, although according to the CVSS scale it only reaches 8.4 points, corresponding to a high level of danger.

HP has now released firmware security updates for most of the affected products. For unpatched models, HP provides mitigation instructions that primarily revolve around disabling LLMNR in network settings.

The next holes

HP's second warning talks about two particularly critical vulnerabilities and one critical vulnerability that can be exploited for information disclosure, remote code execution, and denial of service.

These three vulnerabilities are tracked under the codes CVE-2022-24291 (high severity: 7.5 points), CVE-2022-24292 (special severity: 9.8 points), and CVE-2022- 24293 (severe severity: 9.8 points). These vulnerabilities were also discovered by the Zero Day Initiative team.

In this case, the advice given is to update your printer's firmware to the specified version. However, not all printer models are provided with patch updates.

Currently, there is no fix for LaserJet Pro models. HP only marked these models as pending, so an update may be rolling out in the future.

Jessica Tanner

Update 24 March 2022