More than hundred HP inkjet printers are vulnerable to remote code execution vulnerabilities that are classified by HP as critical. By exploiting the vulnerabilities, an attacker could remotely execute arbitrary code by sending a specially prepared file.
In total there are two vulnerabilities that are both classified with a severity of 9.8 out of 10. By sending a maliciously crafted file to a vulnerable device, attackers can trigger a buffer overflow and then remotely execute arbitrary code.
HP has made firmware updates available. Owners of HP PageWide Pro, DesignJet, OfficeJet, Deskjet and Envy series printers should check this page to see if their exact model is affected. They should then download firmware updates that patch the vulnerabilities from the HP website.
HP urges users to install the updates as soon as possible, as the company writes, ” The information in this security bulletin should be acted upon as soon as possible.”