Critical Hole in HP Printers

Monday, March 11, 2013 @ 10:03 PM gHale


Some printers manufactured by Hewlett-Packard, including 10 of its LaserJet Professional printers, have a security vulnerability that could allow an attacker to remotely access data, according to the Computer Emergency Response Team (CERT).

The problem stems from a telnet debug shell glitch that can allow an unauthenticated user to connect to the printer and in turn, glean data, according to CERT. HP’s Software Security Response Team wrote about the problem in a security bulletin last week.

RELATED STORIES
Networked Printers Open to Attack
Fix for VoIP Phone Vulnerabilities
Secure Communication Technology
Converting Natural Gas to Chemicals

HP’s following LaserJet Pro printers are vulnerable: P1102w, P1606dn, M1212nf, M1213nf, M1214nfh, M1216nfh, M1217nfw, M1218nfs, M1219nf and CP1025nw, according to the bulletin.

German security researcher Christop von Wittich with Hentschke Bau GmbH discovered the flaw.

HP is advising affected customers to download updated firmware for printers impacted by the bug from the company’s Support Center site. The company is also encouraging those still concerned with the vulnerability to email security-alert@hp.com for further guidance.

Printers have had a handful of security vulnerabilities of late, along with other Internet-enabled devices over the last few years.



Leave a Reply

You must be logged in to post a comment.