
54 HP Printer Models for Enterprises Remotely Vulnerable to Attackers

A remotely exploitable vulnerability that could allow threat actors to breach companies’ infrastructure using rogue printer firmware has recently been found, and patched, in 54 HP printer models for enterprises.

Security researchers managed to bypass the printer’s signature verification process, which vets firmware update files for legitimacy, enabling them to install tampered firmware updates that would allow remote control over the affected printers. The process involved reverse engineering HP’s firmware signature validation algorithm, and the researchers also found other vulnerabilities that could allow cybercriminals to interfere with the printer’s operations.

“Insufficient Solution DLL Signature Validation allows potential execution of arbitrary code,” reads the advisory.

Since enterprise printers are usually network-accessible, compromising one with rogue firmware would give cybercriminals a foothold into an organization’s network, enabling them to move laterally across networks in search of other vulnerable targets.

“With a method to construct our own HP software ‘Solution’ packages, and another to bypass their digital signature validation mechanism, the only remaining hurdle was to build a piece of malware compatible with HP’s platform,” reads the researchers’ report.

Since the vulnerability can be weaponized to deliver any malicious payload, the risk of these printers being compromised by cybercriminals is very high, especially since they’re mostly deployed by companies.

The security advisory issued by HP lists 25 enterprise printer models affected by the arbitrary code execution flaw, and encourages anyone who has one within their infrastructure to update its firmware with the latest security patches.

For the full list of affected HP business printers, please check here.

About the author


Liviu Arsene is the proud owner of the secret to the fountain of never-ending energy. That's what's been helping him work his everything off as a passionate tech news editor for the past couple of years. He is the youngest and most restless member of the Bitdefender writer team and he covers mobile malware and security topics with fervor and a twist. His passions revolve around gadgets and technology, and he's always ready to write about what's hot and trendy out there in geek universe.
