Security News > 2021 > November > 8-year-old HP printer vulnerability affects 150 printer models
2021-11-30 13:00
Researchers have discovered several vulnerabilities affecting at least 150 multi-function printers made by Hewlett Packard.
F-Secure's Bolshev and Hirvonen used an HP M725z multi-function printer unit as their testbed to discover the above flaws.
Cross-site printing: sending the exploit to the printer directly from the browser using an HTTP POST to JetDirect port 9100/TCP. This is probably the most attractive attack vector.
Disable printing from USB. Place the printer into a separate VLAN sitting behind a firewall.
A detailed guide on the best practices for securing your printer is available in HP's technical paper.
You can also watch a video demo of how this HP printer vulnerability can be exploited below.