HP LaserJet Models May Expose Network Data
Some of HP’s LaserJet models may expose network data to criminals, a researcher has claimed.
Security flaws within some of the systems can reveal users’ administrator passwords to remote attackers, giving them the data required to carry out criminal activities.
The danger lies within two hidden URLs that are hardcoded into the firmware, which contain configuration information for the devices.
Polish security researcher Michael Sadjak said: “Some networked HP LaserJet printers have hidden URLs hardcoded in the firmware. The URLs are not authenticated and can be used to extract admin password in plaintext – among other information like Wi-Fi settings (including WPS PIN).”
He added that admin passwords can be extracted from the machines irrespective of their complexity.
HP has released firmware updates for devices affected by the issue.
Consumers need to ensure their PCs and printers are fully protected against cyber threats by installing antivirus and firewall technology.
Posted by Barry Ashmore.