Two vulnerabilities in HP printers make more than 150 models of the manufacturer vulnerable. This concerns both business printers and printers that are sold to consumers. HP has released an update.
The bugs were discovered by security company F-Secure that are findings shares in a blog. The vulnerability could allow the printer itself to be read and potentially intercept documents scanned with a multifunction printer. In addition, the printer can also be an entrance to other devices on the network.
HP was informed of the vulnerabilities by F-Secure in April and the manufacturer has since released an update that closes the leak. It’s about CVE-2021-39237 and CVE-2021-39238† HP has published a list of affected models on the pages of the two vulnerabilities. Owners of these printers are advised to update as soon as possible.
The vulnerability is in models released since 2013. It is not clear whether either of the two vulnerabilities has been actively exploited. According to researchers at F-Secure, exploiting the vulnerabilities for attacks is relatively complicated. The vulnerabilities allow both remote attacks and attacks through the physical ports of the device.