HP has released firmware updates to address two critical RCE flaws affecting some Inkjet printers. The two flaws, tracked as CVE-2018-5924 and CVE-2018-5925, could be exploited by attackers to trigger stack or static buffer overflow.
An attacker can exploit the vulnerabilities by sending a specially crafted file to the vulnerable inkjet printers.
“Two security vulnerabilities have been identified with certain HP Inkjet printers. A maliciously crafted file sent to an affected device can cause a stack or static buffer overflow, which could allow remote code execution.” reads the security advisory published by HP.
The flaws have been assigned a CVSS score of 9.8 and affected roughly 160 models, including PageWide, DesignJet, Officejet, Deskjet, Envy, and Photosmart.
Go to the Upgrading Printer Firmware page and follow the instructions provided to install the firmware.
Flaws in the firmware of printers are not a novelty, in NNovember2017, experts from FoxGlove Security firm found a potentially serious remote code execution vulnerability in some of HP’s enterprise printers.
Recently HP launched a private bug bounty program that offers up to $10,000 to white hat hackers that will discover serious issues in its printers.