HP Printer Flaw Puts 150 Models at Risk—Install this Patch Right Now

Home Technology HP Printer Flaw Puts 150 Models at Risk—Install this Patch Right Now
HP Printer Flaw Puts 150 Models at Risk—Install this Patch Right Now
Image for article titled HP Printer Flaw Puts 150 Models at Risk—Install this Patch Right Now
Screenshot: F-Secure via Vimeo

HP printer owners should download the latest firmware to protect their devices from critical security flaws.

Advertisement

Researchers at F-Secure recently revealed serious vulnerabilities affecting approximately 150 HP printer models including HP Color LaserJet Enterprise, HP LaserJet Enterprise, HP PageWide, HP OfficeJet Enterprise Color, and HP ScanJet Enterprise 8500 FN1 Document Capture Workstation series.

Dubbed “Printing Shellz,” the flaw consists of two separate vulnerabilities that give attackers a way to steal your personal information. The flaw exists in the printers’ communication board and font parser. When exploited, an attacker can gain code execution rights to nab information from the printer or use the machine as a source for further attacks.

The more dangerous of the vulnerabilities, CVE-2021-39238 (CVSS score of 9.3), is a buffer overflow issue that’s wormable, meaning it can dig its way into other vulnerable multi-function printers. Moreover, the flaw can be executed remotely by luring a victim to a malicious website and delivering an exploit payload from the browser to the printer, a technique called cross-site printing.