Security-related information MFP M725z from HP
A security vulnerability regarding printers/MFP from HP Inc. has been published on various news sites. In response, we would like to evaluate the mentioned issues regarding Utax products.
1. Vulnerability overview
F-Secure Corp. has investigated the vulnerability of the MFP M725z from HP Inc. As a result, two CVEs were registered.
CVE-2021-39237
CVE-2021-39238
CVE-2021-39237
CVE-2021-39238
2. Further information
- The investigative website of F-Secure Corp.https://labs.f-secure.com/publications/printing-shellz/
- The NVD website from NIST
https://nvd.nist.gov/vuln/detail/CVE-2021-39237
https://nvd.nist.gov/vuln/detail/CVE-2021-39238
3.Details of the identified vulnerability
- CVE-2021-39237:Some HP LaserJet, HP LaserJet Managed, HP PageWide, or HP PageWide Managed printers may be vulnerable to possible disclosure of information.
- CVE-2021-39238: Some HP Enterprise LaserJet, HP LaserJet Managed, HP Enterprise PageWide, and HP PageWide Managed products are at risk of buffer overflow.
4. Impact on our products
Vulnerabilities CVE-2021-39237 and CVE-2021-3928 affect HP Inc. products. Utax products are built differently than HP Inc. MFP/printers, so these two vulnerabilities do not affect Utax products. You can use the products without concern.