HP published two security bulletins that inform customers about critical security issues affecting hundreds of the company’s printer models. Firmware updates that patch the security issues are available for some printer models but not for all.
The first security bulletin confirms that certain HP printer models are affected by critically rated security issue CVE-2022-3942. The remote code execution and buffer overflow issue uses Link-Local Multicast Name Resolution (LLMNR). The issue is rated 8.4 out of 10.
HP created firmware updates for some of the affected printer models and released mitigation instructions for others. Models of the following printer families are affected by the vulnerability according to HP:
- HP Color LaserJet Enterprise
- HP Color LaserJet Managed
- HP Digital Sender Flow
- HP LaserJet Enterprise 500
- HP LaserJet Enterprise Color Flow
- HP LaserJet Managed Flow
- HP LaserJet Enterprise Flow
- HP LaserJet Enterprise 600
- HP LaserJet…