HP recently updated firmware for 225 different models of its Inkjet series, including PageWide, DesignJet, OfficeJet, DeskJet and HP Envy products, to fix two security bugs (CVE-2018-5924 and CVE-2018-5925). These two printer vulnerabilities can cause a stack or static buffer overflow when the printer prints a file, allowing attackers to execute malicious code on the affected printers. The two vulnerabilities were discovered by HP’s in-house Product Security Response Team. HP also launched a rewards program for finding weaknesses this week, aiming to attract more security researchers to find printer vulnerabilities before attackers do.
“Two security vulnerabilities have been identified with certain HP Inkjet printers. A maliciously crafted file sent to an affected device can cause a stack or static buffer overflow, which could allow remote code execution.”
The vulnerability discovery project with Bugcrowd will reward researchers who successfully submit security vulnerabilities with up to $10,000. The goal of the project is to protect HP-produced printers and other networked devices from botnets and malware. HP is committed to making the world’s safest printers.