[German]There are security vulnerabilities in the firmware of various HP printers that allow remote code execution. HP is supposedly preparing a firmware update, which should be released this week. Update: The firmware update has been released.
According to The Register, the HP MFP-586 and M553 printer models are affected with a remote code execution vulnerability. Security researchers at foxglovesecurity. com had uncovered several bugs and vulnerabilities in the firmware of these printer models and informed HP.
The vulnerabilities are discussed within this document. It’s possible to manipulate PIN protected print jobs or resetting the devices to factory defaults. If the information provided by The Register are accurate, HP will ship a firmware updates for affected printers this week to close these vulnerabilities.
HP-Security Bulletin and Firmware-Update
Addendum: HP has released Security Bulletin c05839270, dated November 17, 2017. This bulletin contains a description of vulnerability CVE-2017-2750, PSR-2017-0141. The document also enlists all vulnerable HP Office printers and the firmware updates.
To download the new firmware, visit the HP website in your browser, and select the category Support angewählt werden. Enter the product name in search box, scroll down in the search results to firmware and download the necessary files.