Some printers manufactured by Hewlett-Packard, including 10 of its LaserJet Professional printers, have a security vulnerability that could allow an attacker to remotely access data, according to the Computer Emergency Response Team (CERT).
The problem stems from a telnet debug shell glitch that can allow an unauthenticated user to connect to the printer and in turn, glean data, according to CERT. HP’s Software Security Response Team wrote about the problem in a security bulletin last week.
HP’s following LaserJet Pro printers are vulnerable: P1102w, P1606dn, M1212nf, M1213nf, M1214nfh, M1216nfh, M1217nfw, M1218nfs, M1219nf and CP1025nw, according to the bulletin.
German security researcher Christop von Wittich with Hentschke Bau GmbH discovered the flaw.
HP is advising affected customers to download updated firmware for printers impacted by the bug from the company’s Support Center site. The company is also encouraging those still concerned with the vulnerability to email firstname.lastname@example.org for further guidance.
Printers have had a handful of security vulnerabilities of late, along with other Internet-enabled devices over the last few years.