Free and open-source vulnerability scanner

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

App screenshot

HP Printers RCE Vulnerability

Information

Severity

Severity

High

Family

Family

Gain a shell remotely

CVSSv2 Base

CVSSv2 Base

7.5

CVSSv2 Vector

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Solution Type

Solution Type

Vendor Patch

Created

Created

5 years ago

Modified

Modified

4 years ago

Summary

Multiple HP Printers are vulnerable to RCE attacks.

Insight

Insight

A flaw in HP's Digital Signature Validation makes it possible to load malicious DLLs onto an HP printer and use it to execute arbitrary code on the machine.

Affected Software

Affected Software

Affected are the following Printers and Firmwares: - HP Color LaserJet Enterprise M651 (CZ255A, CZ256A, CZ257A, CZ258A) - Firmware before v 2405129_000047 - HP Color LaserJet Enterprise M652 (J7Z98A, J7Z99A) - Firmware before v 2405130_000068 - HP Color LaserJet Enterprise M653 (J8A04A, J8A05A, J8A06A) - Firmware before v 2405130_000068 - HP Color LaserJet Enterprise MFP M577 (B5L46A, B5L47A, B5L48A) - Firmware before v 2405129_000038 - HP Color LaserJet Enterprise M552 (B5L23A, B5L23V) - Firmware before v 2308903_577315 - HP Color LaserJet Enterprise M553 (B5L24A, B5L25A, B5L26A, B5L27A, B5L38A) - Firmware before v 2308903_577315 - HP Color LaserJet M680 (CZ250A, CA251A) - Firmware before v 2405129_000042 - HP Color LaserJet Managed E65050 (L3U55A) - Firmware before v 2405130_000068 - HP Color LaserJet Managed E65060 (L3U56A, L3U57A) - Firmware before v 2405130_000068 - HP LaserJet Enterprise 500 color MFP M575 (CD644A, CD645A) - Firmware before v 2405129_000045 - HP LaserJet Enterprise 500 MFP M525 (CF116A, CF117A) - Firmware before v 2405129_000048 - HP LaserJet Enterprise 700 color MFP M775 (CF304A, CC523A, CC524C, CC522A, L3U49A, L3U50A) - Firmware before v 2405129_000061 - HP LaserJet Enterprise 800 color M855 (A2W77A, A2W78A, A2W79A) - Firmware before v 2405129_000057 - HP LaserJet Enterprise 800 color MFP M880 (A2W76A, A2W75A, D7P70A, D7P71A) - Firmware before v 2405129_000054 - HP LaserJet Enterprise color flow MFP M575 (CD646A) - Firmware before v 2405129_000045 - HP LaserJet Enterprise flow M830z MFP (CF367A) - Firmware before v 2405129_000060 - HP LaserJet Enterprise flow MFP M525 (CF118A) - Firmware before v 2405129_000048 - HP LaserJet Enterprise Flow MFP M630 (B3G85A) - Firmware before v 2405129_000040 - HP LaserJet Enterprise Flow MFP M631 (J8J64A) - Firmware before v 2405129_000041 - HP LaserJet Enterprise Flow MFP M632 (J8J72A) - Firmware before v 2405129_000041 - HP LaserJet Enterprise Flow MFP M633 (J8J78A) - Firmware before v 2405129_000041 - HP LaserJet Enterprise M527 (F2A76A, F2A77A, F2A81A) - Firmware before v 2405129_000039 - HP LaserJet Enterprise M607 (K0Q14A, K0Q15A) - Firmware before v 2405130_000069 - HP LaserJet Enterprise M608 (K0Q17A, K0Q18A, M0P32A, K0Q19A) - Firmware before v 2405130_000069 - HP LaserJet Enterprise M609 (K0Q20A, K0Q21A, K0Q22A) - Firmware before v 2405130_000069 - HP LaserJet Enterprise M806 (CZ244A, CZ245A) - Firmware before v 2405129_000059 - HP LaserJet Enterprise MFP M630 (J7X28A) - Firmware before v 2405129_000040 - HP LaserJet Enterprise MFP M631 (J8J63A, J8J65A) - Firmware before v 2405129_000041 - HP LaserJet Enterprise MFP M632 (J8J70A, J8J71A) - Firmware before v 2405129_000041 - HP LaserJet Enterprise MFP M633 (J8J76A) - Firmware before v 2405129_000041 - HP LaserJet Enterprise MFP M725 (CF066A, CF067A, CF068A, CF069A) - Firmware before v 2405129_000058 - HP LaserJet Managed E60055 (M0P33A) - Firmware before v 2405130_000069 - HP LaserJet Managed E60065 (M0P35A, M0P36A) - Firmware before v 2405130_000069 - HP LaserJet Managed E60075 (M0P39A, M0P40A) - Firmware before v 2405130_000069 - HP LaserJet Managed Flow MFP E62555 (J8J67A) - Firmware before v 2405129_000041 - HP LaserJet Managed Flow MFP E62565 (J8J74A, J8J79A) - Firmware before v 2405129_000041 - HP LaserJet Managed Flow MFP E62575 (J8J80A) - Firmware before v 2405129_000041 - HP LaserJet Managed MFP E62555 (J8J66A) - Firmware before v 2405129_000041 - HP LaserJet Managed MFP E62565 (J8J73A) - Firmware before v 2405129_000041 - HP OfficeJet Enterprise Color Flow MFP X585 (B5L06A, B5L06V, , B5L07A) - Firmware before v 2405129_000050 - HP OfficeJet Enterprise Color MFP X585 (B5L04A, B5L04V, B5L05A, B5L05V) - Firmware before v 2405129_000050 - HP PageWide Enterprise Color 765 (J7Z04A) - Firmware before v 2405087_018564 - HP PageWide Enterprise Color MFP 586 (G1W39A, G1W39V, G1W40A, G1W40V) - Firmware before v 2405129_000066 - HP PageWide Enterprise Color MPF 780 (J7Z09A, J7Z10A) - Firmware before v 2405087_018548 - HP PageWide Enterprise Color MPF 785 (J7Z11A, J7Z12A) - Firmware before v 2405087_018548 - HP PageWide Enterprise Color X556 (G1W46A, G1W46V, G1W47A, G1W47V, L3U44A) - Firmware before v 2405129_000051 - HP PageWide Managed Color E55650 (L3U44A) - Firmware before v 2405129_000051 - HP PageWide Managed Color E75160 (J7Z06A) - Firmware before v 2405087_018564 - HP PageWide Managed Color Flow MFP 586 (G1W41A, G1W41V) - Firmware before v 2405129_000066 - HP PageWide Managed Color Flow MFP E77650 (J7Z08A, J7Z14A) - Firmware before v 2405087_018548 - HP PageWide Managed Color Flow MFP E77660 (Z5G77A, J7Z03A, J7Z07A, J7Z05A) - Firmware before v 2405087_018548 - HP PageWide Managed Color MFP E77650 (J7Z13A, Z5G79A) - Firmware before v 2405087_018548 - HP ScanJet Enterprise Flow N9120 Doc Flatbed Scanner (L2683A) - Firmware before v 2405087_018552 - HP Digital Sender Flow 8500 fn2 Doc Capture Workstation (L2762A) - Firmware before v 2405087_018553

Detection Method

Detection Method

The script checks if a vulnerable Firmware is installed on the host.

Solution

Solution

Update to the fixed Firmware version

Common Vulnerabilities and Exposures (CVE)