HPSBPI03619 rev. 2 - Certain HP LaserJet Pro and MFP Printers, Multiple Potential Security Vulnerabilities

Potential Security Impact

XSS, CSRF, Potential Buffer Overflow

Reported by: Mario Rivas and Daniel Romero, NCC Group

VULNERABILITY SUMMARY

HP has identified potential security vulnerabilities with certain HP printers. The vulnerabilities could be exploited to perform Cross-site scripting (XSS), Cross-site request forgery (CSRF), or Buffer overflow attacks.

RESOLUTION

Update firmware for impacted printers as indicated in the table below. To obtain the updated firmware, follow these steps:

> note:
>
> All product versions prior to the firmware versions listed are impacted.

1. Go to Software and Drivers Downloads, and then click Printer.

2. Type your printer model name, and then select the name of your printer in the list.

3. Select Firmware from the list of categories.

4. Click Download next to the firmware update, and then follow the on-screen prompts to finish the update.

Printer name

|

Model numbers

|

Firmware revision

—|—|—

HP Color LaserJet Pro M280-M281 Multifunction Printer series

|

T6B80A, T6B83A, T6B81A, T6B82A

|

20190419

HP LaserJet Pro MFP M28-M31 Printer series

|

W2G54A, W2G55A, Y5S53A, Y5S55A, Y5S50A, Y5S54A

|

20190426