Multiple vulnerabilities in HP LaserJet Pro printers, PageWide Pro printers and inkjet printers



Published: 2022-09-26
Risk: High
Patch available: YES
Number of vulnerabilities: 2
CVE-ID: CVE-2022-28721, CVE-2022-28722
CWE-ID: CWE-119
Exploitation vector: Network
Public exploit: N/A
Vulnerable software
HP DeskJet Ink Advantage 5000 All-in-One Printer series
Hardware solutions / Office equipment, IP-phones, print servers

HP DeskJet Ink Advantage 5200 All-in-One Printer series
Hardware solutions / Office equipment, IP-phones, print servers

HP DeskJet Plus Ink Advantage 6000 All-in-One Printer series
Hardware solutions / Office equipment, IP-phones, print servers

HP DeskJet Plus Ink Advantage 6400 All-in-One Printer series
Hardware solutions / Office equipment, IP-phones, print servers

HP ENVY 5000 All-in-One Printer series
Hardware solutions / Office equipment, IP-phones, print servers

HP ENVY 6000 All-in-One Printer series
Hardware solutions / Office equipment, IP-phones, print servers

HP ENVY 6000e All-In-One Printer series
Hardware solutions / Office equipment, IP-phones, print servers

HP ENVY 6400e All-In-One Printer series
Hardware solutions / Office equipment, IP-phones, print servers

HP ENVY Photo 6200 All-in-One Printer series
Hardware solutions / Office equipment, IP-phones, print servers

HP ENVY Photo 7100 All-in-One Printer series
Hardware solutions / Office equipment, IP-phones, print servers

HP ENVY Photo 7800 All-in-One Printer series
Hardware solutions / Office equipment, IP-phones, print servers

HP ENVY Pro 6400 All-in-One Printer series
Hardware solutions / Office equipment, IP-phones, print servers

HP OfficeJet 5200 All-in-One Printer series
Hardware solutions / Office equipment, IP-phones, print servers

HP OfficeJet 6950 All-in-One Printer series
Hardware solutions / Office equipment, IP-phones, print servers

HP OfficeJet 6960 All-in-One Printer series
Hardware solutions / Office equipment, IP-phones, print servers

HP OfficeJet 8010 All-in-One Printer series
Hardware solutions / Office equipment, IP-phones, print servers

HP OfficeJet 8010e All-in-One Printer series
Hardware solutions / Office equipment, IP-phones, print servers

HP OfficeJet 8022 All-in-One Printer
Hardware solutions / Office equipment, IP-phones, print servers

HP OfficeJet 8022e All-in-One Printer
Hardware solutions / Office equipment, IP-phones, print servers

HP OfficeJet Pro 6960 All-in-One Printer series
Hardware solutions / Office equipment, IP-phones, print servers

HP OfficeJet Pro 6970 All-in-One Printer series
Hardware solutions / Office equipment, IP-phones, print servers

HP OfficeJet Pro 7720 Wide Format All-in-One Printer series
Hardware solutions / Office equipment, IP-phones, print servers

HP OfficeJet Pro 7730 Wide Format All-in-One Printer
Hardware solutions / Office equipment, IP-phones, print servers

HP OfficeJet Pro 7740 Wide Format All-in-One Printer series
Hardware solutions / Office equipment, IP-phones, print servers

HP OfficeJet Pro 8020 All-in-One Printer series
Hardware solutions / Office equipment, IP-phones, print servers

HP OfficeJet Pro 8020e All-in-One Printer series
Hardware solutions / Office equipment, IP-phones, print servers

HP OfficeJet Pro 8030 All-in-One Printer series
Hardware solutions / Office equipment, IP-phones, print servers

HP OfficeJet Pro 8030e All-in-One Printer series
Hardware solutions / Office equipment, IP-phones, print servers

HP OfficeJet Pro 8035e All-in-One Printer
Hardware solutions / Office equipment, IP-phones, print servers

HP OfficeJet Pro 8210 Printer series
Hardware solutions / Office equipment, IP-phones, print servers

HP OfficeJet Pro 8730 All-in-One Printer
Hardware solutions / Office equipment, IP-phones, print servers

HP OfficeJet Pro 8740 All-in-One Printer series
Hardware solutions / Office equipment, IP-phones, print servers

HP OfficeJet Pro 9010 All-in-One Printer series
Hardware solutions / Office equipment, IP-phones, print servers

HP OfficeJet Pro 9010e All-in-One Printer series
Hardware solutions / Office equipment, IP-phones, print servers

HP OfficeJet Pro 9020 All-in-One Printer series
Hardware solutions / Office equipment, IP-phones, print servers

HP OfficeJet Pro 9020e All-in-One Printer series
Hardware solutions / Office equipment, IP-phones, print servers

HP Smart Tank 510 Wireless All-in-One series
Hardware solutions / Office equipment, IP-phones, print servers

HP Smart Tank Plus 550 Wireless All-in-One series
Hardware solutions / Office equipment, IP-phones, print servers

HP Smart Tank 610 Wireless All-in-One series
Hardware solutions / Office equipment, IP-phones, print servers

HP Smart Tank Plus 650 Wireless All-in-One series
Hardware solutions / Office equipment, IP-phones, print servers

HP Tango
Hardware solutions / Office equipment, IP-phones, print servers

HP Tango X
Hardware solutions / Office equipment, IP-phones, print servers

HP Color LaserJet MFP M478-M479 series
Hardware solutions / Office equipment, IP-phones, print servers

HP Color LaserJet Pro M453-M454 series
Hardware solutions / Office equipment, IP-phones, print servers

HP LaserJet Pro M304-M305 Printer series
Hardware solutions / Office equipment, IP-phones, print servers

HP LaserJet Pro M404-M405 Printer series
Hardware solutions / Office equipment, IP-phones, print servers

HP LaserJet Pro MFP M428-M429 f series
Hardware solutions / Office equipment, IP-phones, print servers

HP LaserJet Pro MFP M428-M429 series
Hardware solutions / Office equipment, IP-phones, print servers

HP PageWide 352dw Printer
Hardware solutions / Office equipment, IP-phones, print servers

HP PageWide 377dw Multifunction Printer
Hardware solutions / Office equipment, IP-phones, print servers

HP PageWide Managed P55250dw Printer series
Hardware solutions / Office equipment, IP-phones, print servers

HP PageWide Managed P57750dw Multifunction Printer
Hardware solutions / Office equipment, IP-phones, print servers

HP PageWide Managed P75050dn
Hardware solutions / Office equipment, IP-phones, print servers

HP PageWide Managed P75050dw
Hardware solutions / Office equipment, IP-phones, print servers

HP PageWide Managed P77740dn Multifunction Printer
Hardware solutions / Office equipment, IP-phones, print servers

HP PageWide Managed P77740dw Multifunction Printer
Hardware solutions / Office equipment, IP-phones, print servers

HP PageWide Managed P77740z Multifunction Printer
Hardware solutions / Office equipment, IP-phones, print servers

HP PageWide Managed P77750z Multifunction Printer
Hardware solutions / Office equipment, IP-phones, print servers

HP PageWide Managed P77760z Multifunction Printer
Hardware solutions / Office equipment, IP-phones, print servers

HP PageWide Pro 452dn Printer series
Hardware solutions / Office equipment, IP-phones, print servers

HP PageWide Pro 452dw Printer series
Hardware solutions / Office equipment, IP-phones, print servers

HP PageWide Pro 477dn Multifunction Printer series
Hardware solutions / Office equipment, IP-phones, print servers

HP PageWide Pro 477dw Multifunction Printer series
Hardware solutions / Office equipment, IP-phones, print servers

HP PageWide Pro 552dw Printer series
Hardware solutions / Office equipment, IP-phones, print servers

HP PageWide Pro 577 Multifunction Printer series
Hardware solutions / Office equipment, IP-phones, print servers

HP PageWide Pro 750dn Printer
Hardware solutions / Office equipment, IP-phones, print servers

HP PageWide Pro 750dw Printer
Hardware solutions / Office equipment, IP-phones, print servers

HP PageWide Pro 772dn Multifunction Printer
Hardware solutions / Office equipment, IP-phones, print servers

HP PageWide Pro 772dw Multifunction Printer
Hardware solutions / Office equipment, IP-phones, print servers

Vendor

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) Buffer overflow

EUVDB-ID: #VU67637

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-28721

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

HP DeskJet Ink Advantage 5000 All-in-One Printer series: before 2211A

HP DeskJet Ink Advantage 5200 All-in-One Printer series: before 2211C

HP DeskJet Plus Ink Advantage 6000 All-in-One Printer series: before 001.2214A

HP DeskJet Plus Ink Advantage 6400 All-in-One Printer series: before 001.2214A

HP ENVY 5000 All-in-One Printer series: before 2211C

HP ENVY 6000 All-in-One Printer series: before 001.2214B

HP ENVY 6000e All-In-One Printer series: before 001.2216A

HP ENVY 6400e All-In-One Printer series: before 001.2216A

HP ENVY Photo 6200 All-in-One Printer series: before 003.2220B

HP ENVY Photo 7100 All-in-One Printer series: before 003.2220B

HP ENVY Photo 7800 All-in-One Printer series: before 003.2220B

HP ENVY Pro 6400 All-in-One Printer series: before 001.2214B

HP OfficeJet 5200 All-in-One Printer series: before 2211A

HP OfficeJet 6950 All-in-One Printer series: before 001.2224A

HP OfficeJet 6960 All-in-One Printer series: before 001.2225A

HP OfficeJet 8010 All-in-One Printer series: before 001.2213A

HP OfficeJet 8010e All-in-One Printer series: before 004.2222A

HP OfficeJet 8022 All-in-One Printer: before 001.2213A

HP OfficeJet 8022e All-in-One Printer: before 004.2222A

HP OfficeJet Pro 6960 All-in-One Printer series: before 001.2225A

HP OfficeJet Pro 6970 All-in-One Printer series: before 001.2225A

HP OfficeJet Pro 7720 Wide Format All-in-One Printer series: before 003.2226A

HP OfficeJet Pro 7730 Wide Format All-in-One Printer: before 003.2226A

HP OfficeJet Pro 7740 Wide Format All-in-One Printer series: before 002.2226A

HP OfficeJet Pro 8020 All-in-One Printer series: before 001.2213A

HP OfficeJet Pro 8020e All-in-One Printer series: before 004.2222A

HP OfficeJet Pro 8030 All-in-One Printer series: before 001.2213A

HP OfficeJet Pro 8030e All-in-One Printer series: before 004.2222A

HP OfficeJet Pro 8035e All-in-One Printer: before 004.2222A

HP OfficeJet Pro 8210 Printer series: before 001.2225B

HP OfficeJet Pro 8730 All-in-One Printer: before 001.2225B

HP OfficeJet Pro 8740 All-in-One Printer series: before 001.2225B

HP OfficeJet Pro 9010 All-in-One Printer series: before 002.2211C

HP OfficeJet Pro 9010e All-in-One Printer series: before 005.2210A

HP OfficeJet Pro 9020 All-in-One Printer series: before 002.2211C

HP OfficeJet Pro 9020e All-in-One Printer series: before 005.2210A

HP Smart Tank 510 Wireless All-in-One series: before 001.2219A

HP Smart Tank Plus 550 Wireless All-in-One series: before 001.2219A

HP Smart Tank 610 Wireless All-in-One series: before 001.2219A

HP Smart Tank Plus 650 Wireless All-in-One series: before 001.2219A

HP Tango: before 2209A

HP Tango X: before 2209A

HP Color LaserJet MFP M478-M479 series: before 002_2208A

HP Color LaserJet Pro M453-M454 series: before 002_2208A

HP LaserJet Pro M304-M305 Printer series: before 002_2208A

HP LaserJet Pro M404-M405 Printer series: before 002_2208A

HP LaserJet Pro MFP M428-M429 f series: before 002_2208A

HP LaserJet Pro MFP M428-M429 series: before 002_2208A

HP PageWide 352dw Printer: before 2228B

HP PageWide 377dw Multifunction Printer: before 2228B

HP PageWide Managed P55250dw Printer series: before 2228B

HP PageWide Managed P57750dw Multifunction Printer: before 2228B

HP PageWide Managed P75050dn: before 006.2225A

HP PageWide Managed P75050dw: before 006.2225A

HP PageWide Managed P77740dn Multifunction Printer: before 006.2225A

HP PageWide Managed P77740dw Multifunction Printer: before 006.2225A

HP PageWide Managed P77740z Multifunction Printer: before 006.2225A

HP PageWide Managed P77750z Multifunction Printer: before 006.2225A

HP PageWide Managed P77760z Multifunction Printer: before 006.2225A

HP PageWide Pro 452dn Printer series: before 2228B

HP PageWide Pro 452dw Printer series: before 2228B

HP PageWide Pro 477dn Multifunction Printer series: before 2228B

HP PageWide Pro 477dw Multifunction Printer series: before 2228B

HP PageWide Pro 552dw Printer series: before 2228B

HP PageWide Pro 577 Multifunction Printer series: before 2228B

HP PageWide Pro 750dn Printer: before 006.2225A

HP PageWide Pro 750dw Printer: before 006.2225A

HP PageWide Pro 772dn Multifunction Printer: before 006.2225A

HP PageWide Pro 772dw Multifunction Printer: before 006.2225A

External links

http://support.hp.com/us-en/document/ish_6839789-6839813-16/HPSBPI03810


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Buffer overflow

EUVDB-ID: #VU67639

Risk: Low

CVSSv3.1: 6.2 [CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-28722

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error. An attacker with physical access can trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

HP OfficeJet 6950 All-in-One Printer series: before 001.2224A

HP OfficeJet 6960 All-in-One Printer series: before 001.2225A

HP OfficeJet 8022 All-in-One Printer: before 001.2213A

HP OfficeJet 8022e All-in-One Printer: before 004.2222A

HP OfficeJet Pro 6960 All-in-One Printer series: before 001.2225A

HP OfficeJet Pro 6970 All-in-One Printer series: before 001.2225A

HP OfficeJet Pro 7720 Wide Format All-in-One Printer series: before 003.2226A

HP OfficeJet Pro 7730 Wide Format All-in-One Printer: before 003.2226A

HP OfficeJet Pro 7740 Wide Format All-in-One Printer series: before 002.2226A

HP OfficeJet Pro 8210 Printer series: before 001.2225B

HP OfficeJet Pro 8730 All-in-One Printer: before 001.2225B

HP OfficeJet Pro 8740 All-in-One Printer series: before 001.2225B

HP PageWide 352dw Printer: before 2228B

HP PageWide 377dw Multifunction Printer: before 2228B

HP PageWide Managed P55250dw Printer series: before 2228B

HP PageWide Managed P57750dw Multifunction Printer: before 2228B

HP PageWide Managed P75050dn: before 006.2225A

HP PageWide Managed P75050dw: before 006.2225A

HP PageWide Managed P77740dn Multifunction Printer: before 006.2225A

HP PageWide Managed P77740dw Multifunction Printer: before 006.2225A

HP PageWide Managed P77740z Multifunction Printer: before 006.2225A

HP PageWide Managed P77750z Multifunction Printer: before 006.2225A

HP PageWide Managed P77760z Multifunction Printer: before 006.2225A

HP PageWide Pro 452dn Printer series: before 2228B

HP PageWide Pro 452dw Printer series: before 2228B

HP PageWide Pro 477dn Multifunction Printer series: before 2228B

HP PageWide Pro 477dw Multifunction Printer series: before 2228B

HP PageWide Pro 552dw Printer series: before 2228B

HP PageWide Pro 577 Multifunction Printer series: before 2228B

HP PageWide Pro 750dn Printer: before 006.2225A

HP PageWide Pro 750dw Printer: before 006.2225A

HP PageWide Pro 772dn Multifunction Printer: before 006.2225A

HP PageWide Pro 772dw Multifunction Printer: before 006.2225A

External links

http://support.hp.com/us-en/document/ish_6839789-6839813-16/HPSBPI03810


Q & A

Can this vulnerability be exploited remotely?

No. The attacker must have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


