More than hundred HP printer models vulnerable to two very critical vulnerabilities

Posted 06 August 2018 23:41 CET by Jan Willem Aldershoff

More than hundred HP inkjet printers are vulnerable to remote code execution vulnerabilities that are classified by HP as critical. By exploiting the vulnerabilities, an attacker could remotely execute arbitrary code by sending a specially prepared file.

In total there are two vulnerabilities that are both classified with a severity of 9.8 out of 10. By sending a maliciously crafted file to a vulnerable device, attackers can trigger a buffer overflow and then remotely execute arbitrary code.

HP has made firmware updates available. Owners of HP PageWide Pro, DesignJet, OfficeJet, Deskjet and Envy series printers should check this page to see if their exact model is affected. They should then download firmware updates that patch the vulnerabilities from the HP website.

HP urges users to install the updates as soon as possible, as the company writes, ” The information in this security bulletin should be acted upon as soon as possible.”

Related content

Comments on this story

We don't show comment's on news stories. But you are very welcome to join the discussion on this topic on our forum.

Discuss this story here