[German]HP has published a warning about a buffer overflow vulnerability in the firmware of various printer models (Inkjet, Laserjet Pro and HP PageWide Pro printers) on September 21, 2022. One vulnerability even potentially allows remote code execution (RCE). Firmware updates for the affected printer models are now available.
Vulnerability in HP printers
There are two serious vulnerabilities in various HP printers, as HP discloses in security advisory ish_6839789-6839813-16 dated September 21, 2022. Certain HP printing products are potentially vulnerable to a buffer overflow and/or remote code execution. It affects the following vulnerabilities:
HP is not disclosing details about the two vulnerabilities. HP has since released firmware updates to address the vulnerabilities for the affected devices. To get the updated firmware, go to HP's software and driver downloads page. Then, the firmware update can be searched for by entering the printer model. According to HP, various inkjet printers (HP DeskJet), Laserjet Pro printers and HP PageWide Pro printers are affected. Details can be found in the security notice (the page takes quite a long time to load).
Cookies helps to fund this blog: Cookie settings