Credit: Thinkstock HP has published various security alerts for more than 250 of its printer models. Hackers should be able to inject malicious code, denial-of-service (DoS) attacks to start and access data. As a countermeasure, the manufacturer recommends firmware updates and configuration changes.Gateway LLMNR protocolThe first vulnerability, CVE-2022-3942, is classified as critical with a value of 8.4. According to Heise, attackers can use vulnerabilities in the firmware to remotely cause a buffer overflow in around 250 HP printer models. Malicious code can then be injected and executed.A protocol called Link-Local Multicast Name Resolution (LLMNR) serves as a gateway for hackers. It allows IPv4 and IPv6 hosts name resolution into numeric, editable addresses for hosts on the same local network. It is part of all versions of Microsoft’s operating system since Windows Vista and its mobile counterparts Windows Phone and Windows 10 Mobile. In addition to a firmware update, HP said the vulnerability can also be mitigated by switching off the LLMNR protocol on the devices. Affected models include HP Color LaserJet, DesignJet, DeskJet, HP Digital Sender, LaserJet, OfficeJet Pro, Pagewide, and HP ScanJet Enterprise. For more than 20 additional models, HP identified three additional vulnerabilities, CVE-2022-24291, CVE-2022-24292, and CVE-2022-24293. Two are classified as critical. Information on this is sparse. HP names as possible security risks information theft, DoS and buffer overflow. According to HP, the only solution to these problems is updating to the latest firmware.Second case of HP printer vulnerabilities in a few monthsSuch reports are nothing new for HP users. As early as the end of 2021, security researchers found serious gaps in over 150 printer models. Using phishing tactics, hackers could access the devices and hijack them. The attackers then could read printouts, scans and faxes. In addition, the login data of the device could be readable, which opened the way to the rest of the network. Even then, HP advised firmware updates.Editor’s note: This story originally appeared on CIO Germany. Related content news analysis Water system attacks spark calls for cybersecurity regulation The Iranian CyberAv3ngers group’s simplistic exploitation of Unitronics PLCs highlights the cybersecurity weaknesses in US water utilities, the need to get devices disconnected from the internet, and renewed interest in regulation. By Cynthia Brumfield Dec 11, 2023 11 mins Regulation Cyberattacks Critical Infrastructure feature Accenture takes an industrialized approach to safeguarding its cloud controls Security was once a hindrance for Accenture developers. But since centralizing the company's compliance controls, the process has never been simpler. By Aimee Chanthadavong Dec 11, 2023 8 mins Application Security Cloud Security Compliance news analysis LogoFAIL attack can inject malware in the firmware of many computers Researchers have shown how attackers can deliver malicious code into the UEFI of many PCs though BIOS splash screen graphics. By Lucian Constantin Dec 08, 2023 8 mins Malware Vulnerabilities news Google expands minimum security guidelines for third-party vendors Google's updated Minimum Viable Secure Product (MVSP) program offers advice for working with researchers and warns against vendors charging extra for basic security features. By John P. Mello Jr. Dec 08, 2023 4 mins Application Security Supply Chain Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe