A user with device administrative privileges can change existing SMTP server settings on the device, without having to re-enter SMTP server credentials. By redirecting send-to-email traffic to the new server, the original SMTP server credentials may potentially be exposed.
[
{
"vendor": "HP Inc.",
"product": "Certain HP LaserJet Pro Printers ",
"versions": [
{
"version": "See HP Security Bulletin reference for affected versions.",
"status": "affected"
}
]
}
]