XSS, CSRF, Potential Buffer Overflow
Reported by: Mario Rivas and Daniel Romero, NCC Group
HP has identified potential security vulnerabilities with certain HP printers. The vulnerabilities could be exploited to perform cross-site scripting (XSS), cross-site request forgery (CSRF), or buffer overflow attacks.
Update firmware for impacted printers as indicated in the table below. To obtain the updated firmware, follow these steps:
> Note:
>
> All product versions prior to the firmware versions listed are impacted.
1. Go to Software and Drivers Downloads, and then click Printer.
2. Type your printer model name, and then select the name of your printer in the list.
3. Select Firmware from the list of categories.
4. Click Download next to the firmware update, and then follow the on-screen prompts to finish the update.
Printer name | Model numbers | Firmware revision
---|---|---
HP Color LaserJet Pro M280-M281 Multifunction Printer series | T6B80A, T6B83A, T6B81A, T6B82A | 20190419
HP LaserJet Pro MFP M28-M31 Printer series | W2G54A, W2G55A, Y5S53A, Y5S55A, Y5S50A, Y5S54A | 20190426