According to a security bulletin from HP, more than 200 of the manufacturer's printer products are affected by a critical security vulnerability (CVE-2022-3942). This vulnerability was discovered and reported by Trend Micro security researchers and allows remote attackers to trigger a buffer overflow, inject and execute malicious code.

The HP printers are said to be vulnerable to remote code execution and buffer overflow when using Link-Local Multicast Name Resolution (LLMNR). A firmware update should be performed on these printers. HP recommends to download and install the available firmware updates through HP's driver download software.

Affected HP printers

All affected HP printer models are listed in the bulletin under Affected products. A distinction is made between models of the following product lines: HP Enterprise printers, HP Laserjet Pro printers, HP Pagewide Pro printers, HP Deskjet and Officejet printers, HP DesignJet printers and HP Pagewide printers.

For each product line, HP lists the specific models affected and which new firmware version fixes the critical vulnerability. For some models, however, no new firmware version is available. For these HP recommends: "In certain HP Enterprise and HP LaserJet Pro printers, the issue may also be mitigated by disabling LLMNR in network settings.".

Read more about these vulnerabilities here and here.

More vulnerabilities in HP printers

In a second security bulletin, HP identifies three other security vulnerabilities affecting HP printer models. HP rates the danger of one vulnerability (CVE-2022-24291) as high, the other two vulnerabilities (CVE-2022-24292 and CVE-2022-24293) as critical. Specifically, these are vulnerabilities that attackers could use to steal personal information from users or carry out DoS or remote code execution attacks. It is highly recommended to also update the firmware on the affected printers.

Affected are models of the HP printer families HP Laserjet Pro, HP Pagewide Pro and HP Officejet. A detailed list of the devices can be found on this page under Affected products plus information about which updated firmware version should be installed.