HP releases firmware updates for two critical RCE flaws in Inkjet Printers

Haythem Elmir

HP has released firmware updates that address two critical remote code execution vulnerabilities in some models of inkjet printers.

HP has released firmware updates to address two critical RCE flaws affecting some Inkjet printers. The two flaws, tracked as CVE-2018-5924 and CVE-2018-5925, could be exploited by attackers to trigger stack or static buffer overflow.

An attacker can exploit the vulnerabilities by sending a specially crafted file to the vulnerable inkjet printers.

“Two security vulnerabilities have been identified with certain HP Inkjet printers. A maliciously crafted file sent to an affected device can cause a stack or static buffer overflow, which could allow remote code execution.” reads the security advisory published by HP.

The flaws have been assigned a CVSS score of 9.8 and affected roughly 160 models, including PageWide, DesignJet, Officejet, Deskjet, Envy, and Photosmart.

To download the firmware updates, go to the HP Software and Drivers page for your product and find the appropriate firmware update from the list of available software.

Go to the Upgrading Printer Firmware page and follow the instructions provided to install the firmware.

HP inkjet printers hacking

Flaws in the firmware of printers are not a novelty, in NNovember2017, experts from FoxGlove Security firm found a potentially serious remote code execution vulnerability in some of HP’s enterprise printers.

Recently HP launched a private bug bounty program that offers up to $10,000 to white hat hackers that will discover serious issues in its printers.



To read the original article:


Laisser un commentaire

Next Post

WannaCry still alive and kicking – TSMC confirms ‘virus’ that halted operations was the infamous ransomware

After inflicting billions of dollars in damages since its outbreak more than a year ago, the ill-famed WannaCry ransomware continues to claim victims. Taiwan Semiconductor Manufacturing Company (TSMC), which last week reported a malware incident at its plants, has now confirmed that the so-called ‘virus’ affecting its systems was none other than […]