Home > Cyber News > Highly Critical CVE-2018-5924 in HP Printers, Update Firmware Now!
CYBER NEWS

Highly Critical CVE-2018-5924 in HP Printers, Update Firmware Now!

by   |  Last Update:  |  0 Comments  

A couple of new critical security flaws were found in HP printers.

CVE-2018-5924, CVE-2018-5925 in HP Printers

One of the vulnerabilities resides in the firmware of certain HP printers, and it has been classified as very critical. This vulnerability is known as CVE-2018-5924 and affects an unknown function. What is known is that the manipulation with an unknown input leads to a memory corruption flaw. The second vulnerability, CVE-2018-5925, appears to be related to the first one.






How can an attack take place? As explained by HP, “a maliciously crafted file sent to an affected device can cause a stack or static buffer overflow, which could allow remote code execution”.

Fortunately, HP has already provided firmware updates for the affected products, such as Pagewide Pro, DesignJet, OfficeJet, DeskJet and Envy printers.

To obtain the updated firmware, users are urged to go to the HP Software and Drivers page for the particular product, find the firmware update from the list of available software, and follow the instructions.

Just last week, HP announced it will be inviting white hat hackers to test its printers for bugs that hackers could exploit for malicious purposes. The one-of-a-king bug bounty program is launched in partnership with bug bounty platform Bugcrowd.

Related Story: One-of-a-Kind HP Printer Bug Bounty to Improve Network Security

According to a 2018 report by Bugcrowd, endpoint devices are increasingly targeted by malicious actors, with a 21 percent increase in total endpoint bugs reported in the last year. Thus, HP decided to launch a printer-only vulnerability disclosure program encouraging researchers to discover and report bugs.

Depending on the scale of the vulnerability, bug bounties will vary between $500 and $10,000.

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim

More Posts

Follow Me:
Twitter

Related posts:
  1. One-of-a-Kind HP Printer Bug Bounty to Improve Network Security Printers are often the weakest link in an organization, with...
  2. Adobe Patches 112 Vulnerabilities in Latest Patch Package (CVE-2018-5007) Adobe has released the latest patch package that addresses a...
  3. CVE-2018-7602 Highly Critical Drupal Bug Actively Exploited in the Wild Drupalgeddon continues with one more remote code execution bug has...
  4. 23 Vulnerabilities in UEFI Firmware Used by HP, Lenovo (CVE-2021-41837) At least 23 new security vulnerabilities were discovered in various...
  5. CVE-2021-39237 Bug Affects 150 HP Multifunction Printers Printing Shellz is the name of a new set of...
  6. CVE-2021-3438: 16-Year Old HP Printer Bug Affects Millions of Windows Systems A new, highly severe privilege escalation vulnerability in HP printer...
  7. Firmware Malware Scan Added to VirusTotal’s Set of Tools Have you used Google’s free service VirusTotal? When you have...
  8. CVE-2017-2750 in HP Enterprise-Grade Printers Fixed New day, new vulnerability. HP has just released firmware patches...

Leave a Comment

Your email address will not be published. Required fields are marked *

This website uses cookies to improve user experience. By using our website you consent to all cookies in accordance with our Privacy Policy.
I Agree