Multiple vulnerabilities in HP LaserJet Pro printers, PageWide Pro printers and inkjet printers

1) Buffer overflow

EUVDB-ID: #VU67637

Risk: High

CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2022-28721

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

HP DeskJet Ink Advantage 5000 All-in-One Printer series: before 2211A

HP DeskJet Ink Advantage 5200 All-in-One Printer series: before 2211C

HP DeskJet Plus Ink Advantage 6000 All-in-One Printer series: before 001.2214A

HP DeskJet Plus Ink Advantage 6400 All-in-One Printer series: before 001.2214A

HP ENVY 5000 All-in-One Printer series: before 2211C

HP ENVY 6000 All-in-One Printer series: before 001.2214B

HP ENVY 6000e All-In-One Printer series: before 001.2216A

HP ENVY 6400e All-In-One Printer series: before 001.2216A

HP ENVY Photo 6200 All-in-One Printer series: before 003.2220B

HP ENVY Photo 7100 All-in-One Printer series: before 003.2220B

HP ENVY Photo 7800 All-in-One Printer series: before 003.2220B

HP ENVY Pro 6400 All-in-One Printer series: before 001.2214B

HP OfficeJet 5200 All-in-One Printer series: before 2211A

HP OfficeJet 6950 All-in-One Printer series: before 001.2224A

HP OfficeJet 6960 All-in-One Printer series: before 001.2225A

HP OfficeJet 8010 All-in-One Printer series: before 001.2213A

HP OfficeJet 8010e All-in-One Printer series: before 004.2222A

HP OfficeJet 8022 All-in-One Printer: before 001.2213A

HP OfficeJet 8022e All-in-One Printer: before 004.2222A

HP OfficeJet Pro 6960 All-in-One Printer series: before 001.2225A

HP OfficeJet Pro 6970 All-in-One Printer series: before 001.2225A

HP OfficeJet Pro 7720 Wide Format All-in-One Printer series: before 003.2226A

HP OfficeJet Pro 7730 Wide Format All-in-One Printer: before 003.2226A

HP OfficeJet Pro 7740 Wide Format All-in-One Printer series: before 002.2226A

HP OfficeJet Pro 8020 All-in-One Printer series: before 001.2213A

HP OfficeJet Pro 8020e All-in-One Printer series: before 004.2222A

HP OfficeJet Pro 8030 All-in-One Printer series: before 001.2213A

HP OfficeJet Pro 8030e All-in-One Printer series: before 004.2222A

HP OfficeJet Pro 8035e All-in-One Printer: before 004.2222A

HP OfficeJet Pro 8210 Printer series: before 001.2225B

HP OfficeJet Pro 8730 All-in-One Printer: before 001.2225B

HP OfficeJet Pro 8740 All-in-One Printer series: before 001.2225B

HP OfficeJet Pro 9010 All-in-One Printer series: before 002.2211C

HP OfficeJet Pro 9010e All-in-One Printer series: before 005.2210A

HP OfficeJet Pro 9020 All-in-One Printer series: before 002.2211C

HP OfficeJet Pro 9020e All-in-One Printer series: before 005.2210A

HP Smart Tank 510 Wireless All-in-One series: before 001.2219A

HP Smart Tank Plus 550 Wireless All-in-One series: before 001.2219A

HP Smart Tank 610 Wireless All-in-One series: before 001.2219A

HP Smart Tank Plus 650 Wireless All-in-One series: before 001.2219A

HP Tango: before 2209A

HP Tango X: before 2209A

HP Color LaserJet MFP M478-M479 series: before 002_2208A

HP Color LaserJet Pro M453-M454 series: before 002_2208A

HP LaserJet Pro M304-M305 Printer series: before 002_2208A

HP LaserJet Pro M404-M405 Printer series: before 002_2208A

HP LaserJet Pro MFP M428-M429 f series: before 002_2208A

HP LaserJet Pro MFP M428-M429 series: before 002_2208A

HP PageWide 352dw Printer: before 2228B

HP PageWide 377dw Multifunction Printer: before 2228B

HP PageWide Managed P55250dw Printer series: before 2228B

HP PageWide Managed P57750dw Multifunction Printer: before 2228B

HP PageWide Managed P75050dn: before 006.2225A

HP PageWide Managed P75050dw: before 006.2225A

HP PageWide Managed P77740dn Multifunction Printer: before 006.2225A

HP PageWide Managed P77740dw Multifunction Printer: before 006.2225A

HP PageWide Managed P77740z Multifunction Printer: before 006.2225A

HP PageWide Managed P77750z Multifunction Printer: before 006.2225A

HP PageWide Managed P77760z Multifunction Printer: before 006.2225A

HP PageWide Pro 452dn Printer series: before 2228B

HP PageWide Pro 452dw Printer series: before 2228B

HP PageWide Pro 477dn Multifunction Printer series: before 2228B

HP PageWide Pro 477dw Multifunction Printer series: before 2228B

HP PageWide Pro 552dw Printer series: before 2228B

HP PageWide Pro 577 Multifunction Printer series: before 2228B

HP PageWide Pro 750dn Printer: before 006.2225A

HP PageWide Pro 750dw Printer: before 006.2225A

HP PageWide Pro 772dn Multifunction Printer: before 006.2225A

HP PageWide Pro 772dw Multifunction Printer: before 006.2225A

CPE2.3

• cpe:2.3:h:hp_development_company:hp_deskjet_ink_advantage_5000_all-in-one_printer_series:*:*:*:*:*:*:*:*
• cpe:2.3:h:hp_development_company:hp_deskjet_ink_advantage_5200_all-in-one_printer_series:*:*:*:*:*:*:*:*
• cpe:2.3:h:hp_development_company:hp_deskjet_plus_ink_advantage_6000_all-in-one_printer_series:*:*:*:*:*:*:*:*
• cpe:2.3:h:hp_development_company:hp_deskjet_plus_ink_advantage_6400_all-in-one_printer_series:*:*:*:*:*:*:*:*
• cpe:2.3:h:hp_development_company:hp_envy_5000_all-in-one_printer_series:*:*:*:*:*:*:*:*
• cpe:2.3:h:hp_development_company:hp_envy_6000_all-in-one_printer_series:*:*:*:*:*:*:*:*
• cpe:2.3:h:hp_development_company:hp_envy_6000e_all-in-one_printer_series:*:*:*:*:*:*:*:*
• cpe:2.3:h:hp_development_company:hp_envy_6400e_all-in-one_printer_series:*:*:*:*:*:*:*:*
• cpe:2.3:h:hp_development_company:hp_envy_photo_6200_all-in-one_printer_series:*:*:*:*:*:*:*:*
• cpe:2.3:h:hp_development_company:hp_envy_photo_7100_all-in-one_printer_series:*:*:*:*:*:*:*:*
• cpe:2.3:h:hp_development_company:hp_envy_photo_7800_all-in-one_printer_series:*:*:*:*:*:*:*:*
• cpe:2.3:h:hp_development_company:hp_envy_pro_6400_all-in-one_printer_series:*:*:*:*:*:*:*:*
• cpe:2.3:h:hp_development_company:hp_officejet_5200_all-in-one_printer_series:*:*:*:*:*:*:*:*
• cpe:2.3:h:hp_development_company:hp_officejet_6950_all-in-one_printer_series:*:*:*:*:*:*:*:*
• cpe:2.3:h:hp_development_company:hp_officejet_6960_all-in-one_printer_series:*:*:*:*:*:*:*:*
• cpe:2.3:h:hp_development_company:hp_officejet_8010_all-in-one_printer_series:*:*:*:*:*:*:*:*
• cpe:2.3:h:hp_development_company:hp_officejet_8010e_all-in-one_printer_series:*:*:*:*:*:*:*:*
• cpe:2.3:h:hp_development_company:hp_officejet_8022_all-in-one_printer:*:*:*:*:*:*:*:*
• cpe:2.3:h:hp_development_company:hp_officejet_8022e_all-in-one_printer:*:*:*:*:*:*:*:*
• cpe:2.3:h:hp_development_company:hp_officejet_pro_6960_all-in-one_printer_series:*:*:*:*:*:*:*:*
• cpe:2.3:h:hp_development_company:hp_officejet_pro_6970_all-in-one_printer_series:*:*:*:*:*:*:*:*
• cpe:2.3:h:hp_development_company:hp_officejet_pro_7720_wide_format_all-in-one_printer_series:*:*:*:*:*:*:*:*
• cpe:2.3:h:hp_development_company:hp_officejet_pro_7730_wide_format_all-in-one_printer:*:*:*:*:*:*:*:*
• cpe:2.3:h:hp_development_company:hp_officejet_pro_7740_wide_format_all-in-one_printer_series:*:*:*:*:*:*:*:*
• cpe:2.3:h:hp_development_company:hp_officejet_pro_8020_all-in-one_printer_series:*:*:*:*:*:*:*:*
• cpe:2.3:h:hp_development_company:hp_officejet_pro_8020e_all-in-one_printer_series:*:*:*:*:*:*:*:*
• cpe:2.3:h:hp_development_company:hp_officejet_pro_8030_all-in-one_printer_series:*:*:*:*:*:*:*:*
• cpe:2.3:h:hp_development_company:hp_officejet_pro_8030e_all-in-one_printer_series:*:*:*:*:*:*:*:*
• cpe:2.3:h:hp_development_company:hp_officejet_pro_8035e_all-in-one_printer:*:*:*:*:*:*:*:*
• cpe:2.3:h:hp_development_company:hp_officejet_pro_8210_printer_series:*:*:*:*:*:*:*:*
• cpe:2.3:h:hp_development_company:hp_officejet_pro_8730_all-in-one_printer:*:*:*:*:*:*:*:*
• cpe:2.3:h:hp_development_company:hp_officejet_pro_8740_all-in-one_printer_series:*:*:*:*:*:*:*:*
• cpe:2.3:h:hp_development_company:hp_officejet_pro_9010_all-in-one_printer_series:*:*:*:*:*:*:*:*
• cpe:2.3:h:hp_development_company:hp_officejet_pro_9010e_all-in-one_printer_series:*:*:*:*:*:*:*:*
• cpe:2.3:h:hp_development_company:hp_officejet_pro_9020_all-in-one_printer_series:*:*:*:*:*:*:*:*
• cpe:2.3:h:hp_development_company:hp_officejet_pro_9020e_all-in-one_printer_series:*:*:*:*:*:*:*:*
• cpe:2.3:h:hp_development_company:hp_smart_tank_510_wireless_all-in-one_series:*:*:*:*:*:*:*:*
• cpe:2.3:h:hp_development_company:hp_smart_tank_plus_550_wireless_all-in-one_series:*:*:*:*:*:*:*:*
• cpe:2.3:h:hp_development_company:hp_smart_tank_610_wireless_all-in-one_series:*:*:*:*:*:*:*:*
• cpe:2.3:h:hp_development_company:hp_smart_tank_plus_650_wireless_all-in-one_series:*:*:*:*:*:*:*:*
• cpe:2.3:h:hp_development_company:hp_tango:*:*:*:*:*:*:*:*
• cpe:2.3:h:hp_development_company:hp_tango_x:*:*:*:*:*:*:*:*
• cpe:2.3:h:hp_development_company:hp_color_laserjet_mfp_m478-m479_series:*:*:*:*:*:*:*:*
• cpe:2.3:h:hp_development_company:hp_color_laserjet_pro_m453-m454_series:*:*:*:*:*:*:*:*
• cpe:2.3:h:hp_development_company:hp_laserjet_pro_m304-m305_printer_series:*:*:*:*:*:*:*:*
• cpe:2.3:h:hp_development_company:hp_laserjet_pro_m404-m405_printer_series:*:*:*:*:*:*:*:*
• cpe:2.3:h:hp_development_company:hp_laserjet_pro_mfp_m428-m429_f_series:*:*:*:*:*:*:*:*
• cpe:2.3:h:hp_development_company:hp_laserjet_pro_mfp_m428-m429_series:*:*:*:*:*:*:*:*
• cpe:2.3:h:hp_development_company:hp_pagewide_352dw_printer:*:*:*:*:*:*:*:*
• cpe:2.3:h:hp_development_company:hp_pagewide_377dw_multifunction_printer:*:*:*:*:*:*:*:*
• cpe:2.3:h:hp_development_company:hp_pagewide_managed_p55250dw_printer_series:*:*:*:*:*:*:*:*
• cpe:2.3:h:hp_development_company:hp_pagewide_managed_p57750dw_multifunction_printer:*:*:*:*:*:*:*:*
• cpe:2.3:h:hp_development_company:hp_pagewide_managed_p75050dn:*:*:*:*:*:*:*:*
• cpe:2.3:h:hp_development_company:hp_pagewide_managed_p75050dw:*:*:*:*:*:*:*:*
• cpe:2.3:h:hp_development_company:hp_pagewide_managed_p77740dn_multifunction_printer:*:*:*:*:*:*:*:*
• cpe:2.3:h:hp_development_company:hp_pagewide_managed_p77740dw_multifunction_printer:*:*:*:*:*:*:*:*
• cpe:2.3:h:hp_development_company:hp_pagewide_managed_p77740z_multifunction_printer:*:*:*:*:*:*:*:*
• cpe:2.3:h:hp_development_company:hp_pagewide_managed_p77750z_multifunction_printer:*:*:*:*:*:*:*:*
• cpe:2.3:h:hp_development_company:hp_pagewide_managed_p77760z_multifunction_printer:*:*:*:*:*:*:*:*
• cpe:2.3:h:hp_development_company:hp_pagewide_pro_452dn_printer_series:*:*:*:*:*:*:*:*
• cpe:2.3:h:hp_development_company:hp_pagewide_pro_452dw_printer_series:*:*:*:*:*:*:*:*
• cpe:2.3:h:hp_development_company:hp_pagewide_pro_477dn_multifunction_printer_series:*:*:*:*:*:*:*:*
• cpe:2.3:h:hp_development_company:hp_pagewide_pro_477dw_multifunction_printer_series:*:*:*:*:*:*:*:*
• cpe:2.3:h:hp_development_company:hp_pagewide_pro_552dw_printer_series:*:*:*:*:*:*:*:*
• cpe:2.3:h:hp_development_company:hp_pagewide_pro_577_multifunction_printer_series:*:*:*:*:*:*:*:*
• cpe:2.3:h:hp_development_company:hp_pagewide_pro_750dn_printer:*:*:*:*:*:*:*:*
• cpe:2.3:h:hp_development_company:hp_pagewide_pro_750dw_printer:*:*:*:*:*:*:*:*
• cpe:2.3:h:hp_development_company:hp_pagewide_pro_772dn_multifunction_printer:*:*:*:*:*:*:*:*
• cpe:2.3:h:hp_development_company:hp_pagewide_pro_772dw_multifunction_printer:*:*:*:*:*:*:*:*

External links

https://support.hp.com/us-en/document/ish_6839789-6839813-16/HPSBPI03810

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Buffer overflow

EUVDB-ID: #VU67639

Risk: Low

CVSSv4.0: 2 [CVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-28722

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error. An attacker with physical access can trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

HP OfficeJet 6950 All-in-One Printer series: before 001.2224A

HP OfficeJet 6960 All-in-One Printer series: before 001.2225A

HP OfficeJet 8022 All-in-One Printer: before 001.2213A

HP OfficeJet 8022e All-in-One Printer: before 004.2222A

HP OfficeJet Pro 6960 All-in-One Printer series: before 001.2225A

HP OfficeJet Pro 6970 All-in-One Printer series: before 001.2225A

HP OfficeJet Pro 7720 Wide Format All-in-One Printer series: before 003.2226A

HP OfficeJet Pro 7730 Wide Format All-in-One Printer: before 003.2226A

HP OfficeJet Pro 7740 Wide Format All-in-One Printer series: before 002.2226A

HP OfficeJet Pro 8210 Printer series: before 001.2225B

HP OfficeJet Pro 8730 All-in-One Printer: before 001.2225B

HP OfficeJet Pro 8740 All-in-One Printer series: before 001.2225B

HP PageWide 352dw Printer: before 2228B

HP PageWide 377dw Multifunction Printer: before 2228B

HP PageWide Managed P55250dw Printer series: before 2228B

HP PageWide Managed P57750dw Multifunction Printer: before 2228B

HP PageWide Managed P75050dn: before 006.2225A

HP PageWide Managed P75050dw: before 006.2225A

HP PageWide Managed P77740dn Multifunction Printer: before 006.2225A

HP PageWide Managed P77740dw Multifunction Printer: before 006.2225A

HP PageWide Managed P77740z Multifunction Printer: before 006.2225A

HP PageWide Managed P77750z Multifunction Printer: before 006.2225A

HP PageWide Managed P77760z Multifunction Printer: before 006.2225A

HP PageWide Pro 452dn Printer series: before 2228B

HP PageWide Pro 452dw Printer series: before 2228B

HP PageWide Pro 477dn Multifunction Printer series: before 2228B

HP PageWide Pro 477dw Multifunction Printer series: before 2228B

HP PageWide Pro 552dw Printer series: before 2228B

HP PageWide Pro 577 Multifunction Printer series: before 2228B

HP PageWide Pro 750dn Printer: before 006.2225A

HP PageWide Pro 750dw Printer: before 006.2225A

HP PageWide Pro 772dn Multifunction Printer: before 006.2225A

HP PageWide Pro 772dw Multifunction Printer: before 006.2225A

CPE2.3

• cpe:2.3:h:hp_development_company:hp_officejet_6950_all-in-one_printer_series:*:*:*:*:*:*:*:*
• cpe:2.3:h:hp_development_company:hp_officejet_6960_all-in-one_printer_series:*:*:*:*:*:*:*:*
• cpe:2.3:h:hp_development_company:hp_officejet_8022_all-in-one_printer:*:*:*:*:*:*:*:*
• cpe:2.3:h:hp_development_company:hp_officejet_8022e_all-in-one_printer:*:*:*:*:*:*:*:*
• cpe:2.3:h:hp_development_company:hp_officejet_pro_6960_all-in-one_printer_series:*:*:*:*:*:*:*:*
• cpe:2.3:h:hp_development_company:hp_officejet_pro_6970_all-in-one_printer_series:*:*:*:*:*:*:*:*
• cpe:2.3:h:hp_development_company:hp_officejet_pro_7720_wide_format_all-in-one_printer_series:*:*:*:*:*:*:*:*
• cpe:2.3:h:hp_development_company:hp_officejet_pro_7730_wide_format_all-in-one_printer:*:*:*:*:*:*:*:*
• cpe:2.3:h:hp_development_company:hp_officejet_pro_7740_wide_format_all-in-one_printer_series:*:*:*:*:*:*:*:*
• cpe:2.3:h:hp_development_company:hp_officejet_pro_8210_printer_series:*:*:*:*:*:*:*:*
• cpe:2.3:h:hp_development_company:hp_officejet_pro_8730_all-in-one_printer:*:*:*:*:*:*:*:*
• cpe:2.3:h:hp_development_company:hp_officejet_pro_8740_all-in-one_printer_series:*:*:*:*:*:*:*:*
• cpe:2.3:h:hp_development_company:hp_pagewide_352dw_printer:*:*:*:*:*:*:*:*
• cpe:2.3:h:hp_development_company:hp_pagewide_377dw_multifunction_printer:*:*:*:*:*:*:*:*
• cpe:2.3:h:hp_development_company:hp_pagewide_managed_p55250dw_printer_series:*:*:*:*:*:*:*:*
• cpe:2.3:h:hp_development_company:hp_pagewide_managed_p57750dw_multifunction_printer:*:*:*:*:*:*:*:*
• cpe:2.3:h:hp_development_company:hp_pagewide_managed_p75050dn:*:*:*:*:*:*:*:*
• cpe:2.3:h:hp_development_company:hp_pagewide_managed_p75050dw:*:*:*:*:*:*:*:*
• cpe:2.3:h:hp_development_company:hp_pagewide_managed_p77740dn_multifunction_printer:*:*:*:*:*:*:*:*
• cpe:2.3:h:hp_development_company:hp_pagewide_managed_p77740dw_multifunction_printer:*:*:*:*:*:*:*:*
• cpe:2.3:h:hp_development_company:hp_pagewide_managed_p77740z_multifunction_printer:*:*:*:*:*:*:*:*
• cpe:2.3:h:hp_development_company:hp_pagewide_managed_p77750z_multifunction_printer:*:*:*:*:*:*:*:*
• cpe:2.3:h:hp_development_company:hp_pagewide_managed_p77760z_multifunction_printer:*:*:*:*:*:*:*:*
• cpe:2.3:h:hp_development_company:hp_pagewide_pro_452dn_printer_series:*:*:*:*:*:*:*:*
• cpe:2.3:h:hp_development_company:hp_pagewide_pro_452dw_printer_series:*:*:*:*:*:*:*:*
• cpe:2.3:h:hp_development_company:hp_pagewide_pro_477dn_multifunction_printer_series:*:*:*:*:*:*:*:*
• cpe:2.3:h:hp_development_company:hp_pagewide_pro_477dw_multifunction_printer_series:*:*:*:*:*:*:*:*
• cpe:2.3:h:hp_development_company:hp_pagewide_pro_552dw_printer_series:*:*:*:*:*:*:*:*
• cpe:2.3:h:hp_development_company:hp_pagewide_pro_577_multifunction_printer_series:*:*:*:*:*:*:*:*
• cpe:2.3:h:hp_development_company:hp_pagewide_pro_750dn_printer:*:*:*:*:*:*:*:*
• cpe:2.3:h:hp_development_company:hp_pagewide_pro_750dw_printer:*:*:*:*:*:*:*:*
• cpe:2.3:h:hp_development_company:hp_pagewide_pro_772dn_multifunction_printer:*:*:*:*:*:*:*:*
• cpe:2.3:h:hp_development_company:hp_pagewide_pro_772dw_multifunction_printer:*:*:*:*:*:*:*:*

External links

https://support.hp.com/us-en/document/ish_6839789-6839813-16/HPSBPI03810

Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.