1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Your HP printer could be facing the risk of a serious cyberattack

    From TechnologyDaily@1337:1/100 to All on Wed Mar 23 15:00:04 2022
    Your HP printer could be facing the risk of a serious cyberattack

    Date:
    Wed, 23 Mar 2022 14:41:38 +0000

    Description:
    Patches issued for multiple vulnerabilities affecting hundreds of HP printers.

    FULL STORY ======================================================================

    HP has issued patches for four dangerous vulnerabilities affecting hundreds
    of its printers . According to two security advisories that the company published, the vulnerabilities could lead to remote code execution, data theft, or denial of service.

    The models affected by the flaws include the likes of the LaserJet Pro
    series, Pagewide Pro series, OfficeJet, Enterprise, Large Format, and
    DeskJet.

    The first issue is tracked as CVE-2022-3942. It comes with an 8.4 severity score, which would rank it as high severity, but HP tracks it as critical. TechRadar needs you!

    We're looking at how our readers use VPNs with different devices so we can improve our content and offer better advice. This survey shouldn't take more than 60 seconds of your time, and entrants from the UK and US will have the chance to enter a draw for a 100 Amazon gift card (or equivalent in USD). Thank you for taking part.

    Click here to start the survey in a new window << Not all devices have patches

    Certain HP Print products and Digital Sending products may be vulnerable to potential remote code execution and buffer overflow with the use of
    Link-Local Multicast Name Resolution or LLMNR. the company said in one of the advisories.

    The second advisory discusses three additional flaws, two of which are described as critical and one as high severity. These could lead to remote code execution, denial of service, or information exfiltration.

    Tracked as CVE-2022-24291, CVE-2022-24292, and CVE-2022-24293, these can also be addressed by updating the device firmware.

    HP endpoint admins interested in updating their devices should visit HPs official software and driver download portal, to look for the appropriate
    fix. Read more

    Your printer: it's a vulnerable, connected device


    These ancient HP printer security flaws are still exposing 150 models to
    attack


    Mischievous hackers could use a simple trick to send printers berserk

    The bad news is that HP did not prepare firmware updates for all of the affected devices, but it did offer workarounds. Most of them include
    disabling LLMNR (Link-Local Multicast Name Resolution) in network settings.

    Those interested in disabling unused network protocols via embedded web
    server for LasterJet Pro should check out more details here. Those with other devices should refer to the guidelines on this link.

    These are high-severity risks, which could potentially be abused with malware for remote code execution. As such, they are too risky not to be addressed, and admins should move fast to plug these holes as soon as possible. Check
    out our list of the best all-in-one printers right now

    Via: BleepingComputer



    ======================================================================
    Link to news story: https://www.techradar.com/news/your-hp-printers-could-face-a-serious-cyberatta ck/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)