
Highly Critical CVE-2018-5924 in HP Printers, Update Firmware Now!

A couple of new critical security flaws were found in HP printers.

CVE-2018-5924, CVE-2018-5925 in HP Printers

One of the vulnerabilities resides in the firmware of certain HP printers and has been classified as very critical. It is tracked as CVE-2018-5924 and affects an unknown function. What is known is that manipulating an unknown input leads to memory corruption. The second vulnerability, CVE-2018-5925, appears to be related to the first one.

How can an attack take place?
As explained by HP, “a maliciously crafted file sent to an affected device can cause a stack or static buffer overflow, which could allow remote code execution”.

Fortunately, HP has already provided firmware updates for the affected products, such as PageWide Pro, DesignJet, OfficeJet, DeskJet and Envy printers.

To obtain the updated firmware, users are urged to go to the HP Software and Drivers page for the particular product, find the firmware update from the list of available software, and follow the instructions.

Just last week, HP announced it will be inviting white hat hackers to test its printers for bugs that hackers could exploit for malicious purposes. The one-of-a-kind bug bounty program is launched in partnership with bug bounty platform Bugcrowd.

Related Story: One-of-a-Kind HP Printer Bug Bounty to Improve Network Security

According to a 2018 report by Bugcrowd, endpoint devices are increasingly targeted by malicious actors, with a 21 percent increase in total endpoint bugs reported in the last year. Thus, HP decided to launch a printer-only vulnerability disclosure program encouraging researchers to discover and report bugs.

Depending on the scale of the vulnerability, bug bounties will vary between $500 and $10,000.

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim
