QID 43899

Date Published: 2022-03-07

QID 43899: HP LaserJet Multiple Vulnerabilities (HPSBPI03748,HPSBPI03749)

A potential security vulnerability has been identified with certain HP LaserJet printers. The vulnerability could be exploited for Information Disclosure and Buffer Overflow.

Affected Products:
HP LaserJet M551 series Model:CF082A
HP LaserJet M606 series Model:E6B73A
HP LaserJet M553 series Model:B5L26A,B5L25A
HP LaserJet M601 series Model:CE990A
HP LaserJet M680 series Model:CZ249A
HP LaserJet M651 series Model:CZ256A
HP LaserJet M604 series Model:E6B67A,E6B68A
HP LaserJet M605 series Model:E6B69A,E6B70A,E6B71A
HP Color LaserJet MFP M681 Model:J8A10A,J8A11A,J8A12A,J8A13A
HP Color LaserJet MFP M682 Model:J8A16A,J8A17A

QID Detection Logic :
The QID checks for vulnerable models of HP LaserJet Printers.
Note: QID is marked practice as there is no check for firmware version.

Successfully exploiting this vulnerability might allow a remote attacker to gain access to sensitive information and perform buffer overflow.

  • CVSS V3 rated as Critical - 9.8 severity.
  • CVSS V2 rated as High - 7.5 severity.
    • Solution
    Vendor has released an update version of firmware to fix this vulnerability.

    Customers are advised to refer to HPSBPI03748 and HPSBPI03749 for more information.

    Vendor References

    CVEs related to QID 43899

    CVE-2021-39237 | CVE-2021-39238 |
    Software Advisories
    Advisory ID Software Component Link
    HPSBPI03748 URL Logo support.hp.com/us-en/document/ish_5000124-5000148-16
    HPSBPI03749 URL Logo support.hp.com/us-en/document/ish_5000383-5000409-16
    By selecting these links, you may be leaving CVEreport webspace. We have provided these links to other websites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other websites that are more appropriate for your purpose. CVEreport does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, CVEreport does not endorse any commercial products that may be mentioned on these sites. Please address comments about any linked pages to [email protected].