These printers are vulnerable to hackers – Update yours now

March 24, 2022

By Kim Komando

Some of the essential gadgets you must keep updated include your router and mobile devices. If hackers manage to breach those, they could steal a wealth of information. But that doesn’t mean you can overlook other household electronics.

Any device that connects to your home’s Wi-Fi is vulnerable if you don’t regularly install firmware or software updates. No matter what you use the gadget for, hackers will find a way to exploit flaws to infiltrate them.

A Wi-Fi-connected printer is an often-forgotten gadget that you might have in your home. Read on to see why you must update the software immediately, especially if you have a model from HP.

Here’s the backstory

Electronics manufacturer HP recently rolled out a critical update for some of its printers, as they are in danger of exploitation through vulnerabilities. The most troublesome flaws can give hackers access to your Wi-Fi network, use the connected printers to execute malicious code or steal personal information.

HP details in two separate security advisories that hundreds of models are at risk and that Zero Day Initiative was first to report both instances of the flaws to HP.

Two vulnerabilities have a severity score of 9.8, while one has a score of 8.4. The only high severity flaw has a score of 7.5, which is significant enough to warrant an update. The list of affected models is relatively large.

Models impacted with a remote execution flaw tracked as CVE-2022-3942 include:

• CM4540 MFP HP Color LaserJet Enterprise
• M880z HP Color LaserJet Enterprise Flow
• HP Digital Sender Flow 8500 fn2 Document Capture Workstation
• DeskJet 2700 All-in-One Printer series
• HP OfficeJet Pro 8210 Printer series
• DeskJet Plus Ink Advantage 4100 All-in-One series
• DesignJet T1700
• HP PageWide XL 5200
• HP Deskjet Ink Advantage Ultra 4800 Series
• PageWide 377dw Multifunction Printer

Models impacted with information-stealing flaws tracked as CVE-2022-24291, CVE-2022-24292 and CVE-2022-24293 include:

• HP Color LaserJet Pro M453
• LaserJet Pro M304
• HP PageWide 377dw Multifunction Printer
• HP OfficeJet Pro 8210 Printer series
• LaserJet Pro MFP M428
• HP Color LaserJet Pro MFP M478, M479
• HP OfficeJet Pro 8740 All-in-One Printer series

You can find the complete list of affected printers on HP’s advisory pages by clicking here and here.

What you can do about it

If you have any impacted printers, you must update the firmware as soon as possible. While the process might be different for specific devices, the general advice is to download the latest patches from HP’s Software and Driver Downloads page. Here’s how:

• On the main page, click Printer.
• Enter your printer’s product name or select it from the list at the bottom.
• The page should refresh to display all possible software for your printer.
• Click Download next to the most recent driver, connect your printer to your computer and install it.

The easiest way to ensure that your printer is always up to date is to install the HP Smart app on your computer. The small application not only serves as a quick way to manage your printer, but it also downloads and installs firmware updates automatically for you.

If you’re ready to switch to a printer that doesn’t use expensive ink cartridges, look no further than our sponsor Epson for an EcoTank printer. With supersized easy-to-fill tanks, each EcoTank printer comes with enough ink to print thousands of pages.

Check out Epson EcoTank printers at a Best Buy, OfficeMax or Office Depot near you, or shop online at Epson.com/EcoTankKim.

Keep reading

Listener question: ‘Can you help me choose a new PC and printer?’

The best at-home printer for work, school and life