Over a hundred HP inkjet printers are vulnerable to remote code execution vulnerabilities that are classified by HP as critical. By exploiting the vulnerabilities, an attacker could remotely execute arbitrary code by sending a specially prepared file.
There are two vulnerabilities that are both classified with a severity of 9.8 out of 10. By sending a maliciously crafted file to a vulnerable device, attackers can trigger a buffer overflow and then remotely execute arbitrary code repors myce today. HP has made firmware updates available. Owners of HP PageWide Pro, DesignJet, OfficeJet, Deskjet and Envy series printers should check this page to see if their exact model is affected. They should then download firmware updates that patch the vulnerabilities from the HP website.
HP urges users to install the updates as soon as possible, as the company writes, ” The information in this security bulletin should be acted upon as soon as possible.”