More than hundred HP printer models vulnerable to two very critical vulnerabilities

Originally published at:

More than hundred HP inkjet printers are vulnerable to remote code execution vulnerabilities that are classified by HP as critical. By exploiting the vulnerabilities, an attacker could remotely execute arbitrary code by sending a specially prepared file.

The only HP printer I have is a LaserJet 5P. It’s so old, the demo button prints a page that mentions MS-DOS. Because it doesn’t try to do half as much thinking as modern printers do, it cannot have such vulnerabilities. Like a good Un*x program, it does only thing, and does it really well.

This is why we don’t need printers that print documents, send/receive fax, clean your clothes, make your coffee, wash your windows, display the weather, water your garden, order fast food, restrict which cartridges you can use via DRM-like technologies, SPY ON EVERYTHING YOU DO, and vacuum your carpet, all using 500Mb+ drivers. Why do printer manufacturers do this? I only want my printers to do one thing: print things. That’s it.

I also have a 5P (actually a 5MP; I bought the PostScript module) which is still in service.

It’s very slow compared to current models, and its paper handling is getting a bit finicky; but it still produces great output.

Problem is, my last HP-branded toner is running out. All of the third-party toner cartridges have problems: leaks, streaking, poor density, or stray toner bands appearing on the output. I might finally have to retire it soon…

That sucks. I love my LaserJet 5P, although I don’t do much printing, so I don’t really have to deal with with toner. Good luck!