HP has published several security alerts covering more than 250 of its printer models. Hackers are reportedly able to inject malicious code, launch denial-of-service (DoS) attacks, and access data. As a countermeasure, the manufacturer recommends firmware updates and configuration changes.

Gateway LLMNR protocol

The first vulnerability, CVE-2022-3942, is classified as critical with a score of 8.4. According to Heise, attackers can use vulnerabilities in the firmware to remotely cause a buffer overflow in around 250 HP printer models. Malicious code can then be injected and executed.

A protocol called Link-Local Multicast Name Resolution (LLMNR) serves as the gateway for hackers. It lets IPv4 and IPv6 hosts resolve the names of hosts on the same local network into numeric addresses. It has been part of all versions of Microsoft's operating system since Windows Vista, as well as its mobile counterparts Windows Phone and Windows 10 Mobile. In addition to a firmware update, HP said the vulnerability can also be mitigated by switching off the LLMNR protocol on the devices.

Affected models include HP Color LaserJet, DesignJet, DeskJet, HP Digital Sender, LaserJet, OfficeJet Pro, Pagewide, and HP ScanJet Enterprise.

For more than 20 additional models, HP identified three additional vulnerabilities: CVE-2022-24291, CVE-2022-24292, and CVE-2022-24293. Two are classified as critical. Information on these is sparse. HP names information theft, DoS and buffer overflow as possible security risks. According to HP, the only solution to these problems is updating to the latest firmware.

Second case of HP printer vulnerabilities in a few months

Such reports are nothing new for HP users. As early as the end of 2021, security researchers found serious gaps in over 150 printer models. Using phishing tactics, hackers could access the devices and hijack them. The attackers could then read printouts, scans and faxes.
In addition, the login data of the device could be read, which opened the way to the rest of the network. Even then, HP advised firmware updates.

Editor's note: This story originally appeared on CIO Germany.