Security researchers have published details about two serious vulnerabilities that impact over 150 different HP multifunction printer models with FutureSmart firmware going back at least nine years. The attack vectors associated with the flaws and their impact serve as a reminder that printers can pose significant security risks to enterprise networks if not properly secured, updated and segmented.
“For one, the vulnerabilities date back to at least 2013 and affect a large number of HP products released,” researchers from security firm F-Secure, who found the flaws, said in their report. “HP is a large company that sells products all over the world. Many companies are likely using these vulnerable devices. To make matters worse, many organizations don’t treat printers like other types of endpoints. That means IT and security teams forget about these devices’ basic security hygiene, such as installing updates.”