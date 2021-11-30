HP Printer: Researchers at cybersecurity firm F-Secure revealed on Tuesday (30) that they have found two high-severity flaws that affect at least 150 HP all-in-one printer models. Apparently, these bugs have been around since 2013, according to experts.

Named CVE-2021-39237, one of the vulnerabilities identified by researchers Alexander Bolshev and Timo Hirvonen requires physical access to the device to be exploited. The other, CVE-2021-39238, is more serious and allows remote exploration, by executing specific codes.

A successful attack taking advantage of these errors could allow the attacker to achieve different goals, such as stealing any information executed or cached by the printer—printed or scanned documents and faxes, for example. The extraction of login credentials that connect the device to the network is another possibility.

The most critical error can be exploited through the cross-site printing attack method, when the user is tricked into visiting a malicious page and printing a code-altered document. From there, cybercriminals would have unrestricted access to the equipment, with the chance of spreading malware across the network.