PT-2022-1905 · Hewlett Packard · Hp Laserjet Pro Mfp M283Fdw+1

Published

2022-01-21

Updated

2022-03-29

CVE-2022-24293

CVSS v3.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions HP Print devices (affected versions not specified)

Description The issue is related to a stack-based buffer overflow in the firmware of HP Print devices. This could allow a remote attacker to execute arbitrary code, potentially leading to information disclosure, denial of service, or remote code execution. The vulnerability was demonstrated at Pwn2Own, specifically affecting the HP LaserJet Pro MFP M283fdw through an eContactRestore stack-based buffer overflow, enabling remote code execution.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Stack Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-121

Related Identifiers

BDU:2022-01441

CVE-2022-24293

ZDI-22-533

Affected Products

Hp Laserjet Pro Mfp M283Fdw

Hp Print Devices

PT-2022-1905 · Hewlett Packard · Hp Laserjet Pro Mfp M283Fdw+1

CVE-2022-24293

Weakness Enumeration

Related Identifiers

Affected Products

References · 9