Security News > 2021 > November > Visiting a booby-trapped webpage could give attackers code execution privileges on HP network printers
Tricking users into visiting a malicious webpage could allow malicious people to compromise 150 models of HP multi-function printers, according to F-Secure researchers.
The Finland-headquartered infosec firm said it had found "Exploitable" flaws in the HP printers that allowed attackers to "Seize control of vulnerable devices, steal information, and further infiltrate networks in pursuit of other objectives such as stealing or changing other data" - and, inevitably, "Spreading ransomware."
"To make matters worse, many organizations don't treat printers like other types of endpoints. That means IT and security teams forget about these devices' basic security hygiene, such as installing updates."
The heart of the attack is in the document printed from the malicious site: it contained a "Maliciously crafted font" that gave the attacker code execution privileges on the multi-function printer.
Many organizations don't treat printers like other types of endpoints.
The vulns are not related to F-Secure's recent pwning of an HP printer to the extent of being able to play Doom on its screen.