HP warns of critical vulnerabilities affecting many printers. A firmware update should be performed.
Hundreds of HP printers are affected by vulnerabilities
© Ken Wolter / Shutterstock.com
According to a security bulletin from HP, hundreds of the manufacturer’s printers are affected by a critical security vulnerability (CVE-2022-3942). This vulnerability was discovered and reported by Trend Micro security researchers. The HP printers are said to be vulnerable to remote code execution and buffer overflow when using Link-Local Multicast Name Resolution (LLMNR).
The vulnerability is reported after HP is able to provide firmware updates for the affected devices. It is recommended that printer owners download and install these updates through HP’s driver download software.
These HP printers are specifically affected
All affected HP printer models are listed in the bulletin under “Affected products”. A distinction is made between models in the following product lines: HP Enterprise printers, HP Laserjet Pro printers, HP Pagewide Pro printers, HP Deskjet and Officejet printers, HP DesignJet printers and HP Pagewide printers.
For each product line, HP lists the exact models affected and which new firmware version fixes the critical vulnerability. For some models, however, no new firmware version is available. Here HP recommends: “Certain HP Enterprise and HP LaserJet Pro printers may also resolve the issue by disabling LLMNR in the network settings”. Reference is then made to this and this manual.
Three more vulnerabilities in HP printers – an update is also necessary here
In another security bulletin, HP points out
three other vulnerabilities
that affect HP printer models. HP rates the danger of one vulnerability (CVE-2022-24291) as “high”, the other two vulnerabilities (CVE-2022-24292 and CVE-2022-24293) as “critical”. Specifically, these are vulnerabilities that attackers could use to steal personal information from users or carry out DoS or remote code execution attacks.
The recommendation here: The current firmware version should be installed on the HP printers. Because here, too, the gaps have already been closed accordingly.
Models of the HP printer families HP Laserjet Pro, HP Pagewide Pro and HP Officejet are affected. A detailed list of the devices can be found on this page under “Affected products” plus information about which updated firmware version should be installed.
Test: The best multifunction printers up to 100 euros in comparison