SEVERE HP OfficeJet Pro / PageWide printer exploit

Discussions about anything Computer Hardware Related. Overclocking, underclocking and talk about the latest or even the oldest technology. PCA Reviews feedback
Post Reply
User avatar
FlyingPenguin
Flightless Bird
Posts: 32773
Joined: Wed Nov 22, 2000 11:13 am
Location: Central Florida
Contact:

SEVERE HP OfficeJet Pro / PageWide printer exploit

Post by FlyingPenguin »

This is REALLY bad - most especially for corporate networks. Even if the printer is behind a firewall / router, malware could get into one of the local network PCs (or an IoT device) and then create a permanent beach-head on the printer (surviving a power cycle!) which can eavesdrop the network or get into whatever mischief it wants.

Basically these printers are running Linux network services that have no business running because the HP programmers were lazy. HP has released firmware updates, but unless you have the HP updater installed (and who the hell ever does THAT?) you'll need to install it manually.

Even though they don't mention HP network laser printers, I would highly recommend updating their firmware too since I wouldn't be surprised if there's common code.

https://www.tenable.com/blog/rooting-a- ... -execution
"Turns out I’m 'woke.' All along, I thought I was just compassionate, kind, and good at history. "

Image
User avatar
Pugsley
Posts: 7454
Joined: Mon Aug 19, 2002 11:54 pm
Location: NW Indiana
Contact:

Re: SEVERE HP OfficeJet Pro / PageWide printer exploit

Post by Pugsley »

wow... I bet some company could be started that charged about 10-15% more then all the competitors but did SOLID security.
User avatar
Err
Life Member
Posts: 5842
Joined: Thu Nov 22, 2007 11:54 am

Re: SEVERE HP OfficeJet Pro / PageWide printer exploit

Post by Err »

Thanks for the Alert. I just updated the HP in the lab.
Post Reply