Critical Wormable Bug Found in 150+ HP Printer Models – For 8 Years

Leave it to HP to have a dramatic set of bugs.

Security researchers disclosed two eight year old bugs which affect 150 different models of HP multifunction printers.

The bug could let an attacker take control of the devices, steal information and launch other attacks.

The two bugs together are called Printing Shellz and were reported to HP in April and patched in November.

One of the bugs has a score of 9.3 out of 10. One bug requires physical access but the other bug can be exploited remotely.

The more severely rated bug is rated that way because it is wormable, meaning it can propagate to other vulnerable HP printers on the network.

The challenge is going to be to identify the devices and reflash the firmware. Installing software upgrades are hard; patching hardware is even harder.

Network operators that segment printers onto different subnets, even at branches, and limit the connection from the printer subnet to other subnets are going to be at a significantly reduced risk.

Get more information on these vulnerabilities here.