SEVERE HP OfficeJet Pro / PageWide printer exploit
Posted: Wed Jun 28, 2017 8:35 pm
This is REALLY bad - most especially for corporate networks. Even if the printer is behind a firewall / router, malware could get into one of the local network PCs (or an IoT device) and then create a permanent beach-head on the printer (surviving a power cycle!) which can eavesdrop the network or get into whatever mischief it wants.
Basically these printers are running Linux network services that have no business running because the HP programmers were lazy. HP has released firmware updates, but unless you have the HP updater installed (and who the hell ever does THAT?) you'll need to install it manually.
Even though they don't mention HP network laser printers, I would highly recommend updating their firmware too since I wouldn't be surprised if there's common code.
https://www.tenable.com/blog/rooting-a- ... -execution
Basically these printers are running Linux network services that have no business running because the HP programmers were lazy. HP has released firmware updates, but unless you have the HP updater installed (and who the hell ever does THAT?) you'll need to install it manually.
Even though they don't mention HP network laser printers, I would highly recommend updating their firmware too since I wouldn't be surprised if there's common code.
https://www.tenable.com/blog/rooting-a- ... -execution