This is REALLY bad - most especially for corporate networks. Even if the printer is behind a firewall / router, malware could get into one of the local network PCs (or an IoT device) and then create a permanent beach-head on the printer (surviving a power cycle!) which can eavesdrop the network or get into whatever mischief it wants.
Basically these printers are running Linux network services that have no business running because the HP programmers were lazy. HP has released firmware updates, but unless you have the HP updater installed (and who the hell ever does THAT?) you'll need to install it manually.
Even though they don't mention HP network laser printers, I would highly recommend updating their firmware too since I wouldn't be surprised if there's common code.
https://www.tenable.com/blog/rooting-a- ... -execution
SEVERE HP OfficeJet Pro / PageWide printer exploit
- FlyingPenguin
- Flightless Bird
- Posts: 32783
- Joined: Wed Nov 22, 2000 11:13 am
- Location: Central Florida
- Contact:
SEVERE HP OfficeJet Pro / PageWide printer exploit
Christians warn us about the anti-christ for 2,000 years, and when he shows up, they buy a bible from him.
Re: SEVERE HP OfficeJet Pro / PageWide printer exploit
wow... I bet some company could be started that charged about 10-15% more then all the competitors but did SOLID security.
Re: SEVERE HP OfficeJet Pro / PageWide printer exploit
Thanks for the Alert. I just updated the HP in the lab.