• Home
  • |
  • Blog
  • |
  • A Critical RCE Vulnerability in HP Printer Devices- Let’s See How to Fix CVE-2022-28721(2)
A Critical RCE Vulnerability in HP Printer Devices- Let's See How to Fix CVE-2022-28721(2)

HP has addressed two vulnerabilities of which one is RCE vulnerability rated Critical and the second is ACE vulnerability rated high in severity. Attackers can abuse these buffer overflow vulnerabilities to perform remote code execution and arbitrary code execution on vulnerable printer modules. Since the critical flaw is rated 9.8 on the CVSS scale and allows to execution of malicious code from remote, it’s important to know how to fix CVE-2022-28721, a critical RCE vulnerability in HP printer devices. The vendor has covered both the flaws in a security advisory to protect your printers against these vulnerabilities. Let’s see what is there in the advisory and see how to apply the patches to your printer modules.

Let’s start the post from the summary of the vulnerabilities and see how to fix CVE-2022-28721, a critical RCE vulnerability in HP printer devices.

Summary of CVE-2022-28721(2)

HP released a security advisory on 21st, Sep. That it disclosed two Buffer Overflow vulnerabilities, one is Critical with a CVSS score of 9.8 and another one is High in severity with 7.1 CVSS scores. These flaws are due to improper bound checking that allows an attacker to overflow a buffer and execute arbitrary code on the affected printer devices.

The critical flaw allows an attacker to execute code over the network and the high severity flaw needs authentication and physical access to execute the code. There are no technical details were published on the flaws to lower the attack possibility.

Summary of CVE-2022-28721: 

Associated CVE IDCVE-2022-28721
DescriptionA Remote Code Execution Vulnerability in HP Printer Devices
Associated ZDI ID
CVSS Score9.8 Critical
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Impact Score
Exploitability Score
Attack Vector (AV)Network
Attack Complexity (AC)Low
Privilege Required (PR)None
User Interaction (UI)None
ScopeUnchanged
Confidentiality (C)High
Integrity (I)High
availability (a)High

Summary of CVE-2022-28722:

Associated CVE IDCVE-2022-28722
DescriptionA Arbitrary Code Execution Vulnerability in HP Printer Devices
Associated ZDI ID
CVSS Score7.1 High
VectorCVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Impact Score
Exploitability Score
Attack Vector (AV)Physical
Attack Complexity (AC)HighFGH
Privilege Required (PR)None
User Interaction (UI)None
ScopeChanged
Confidentiality (C)High
Integrity (I)High
availability (a)High

List HP Printer devices Affected By These Vulnerabilities

HP said that there are a long list of printer devices are affected by these vulnerabilities. The list has more than 60 printer modules. Please find the products affected by these vulnerabilities and patched firmware version that fixes the vulnerabilities. Please don’t forget to see the updated list here.

We urge you to carefully go through the table and list out the vulnerabilities identified in your modules and upgrade the firmware to the resolved version or the latest available for download.

Caution: We always recommend reading the product guide or contacting the vendor support team before upgrading firmware. A wrong firmware upgrade may either break your device or lead to permanent damage.

List of Affected HP InkJet Printers:

Product NameProduct NumberCVE-2022-28721 (CVSS 9.8)CVE-2022-28722 (CVSS 7.3)Updated Firmware Version
HP DeskJet Ink Advantage 5000 All-in-One Printer seriesM2U86A, M2U86B, M2U86C, M2U87A, M2U87B, M2U88B, M2U89BAffectedNot Affected2211A or higher
HP DeskJet Ink Advantage 5200 All-in-One Printer seriesM2U76A, M2U77AAffectedNot Affected2211C or higher
HP DeskJet Plus Ink Advantage 6000 All-in-One Printer series5SE522AAffectedNot Affected001.2214A or higher
HP DeskJet Plus Ink Advantage 6400 All-in-One Printer series5SD78A, 5SD79AAffectedNot Affected001.2214A or higher
HP ENVY 5000 All-in-One Printer seriesM2U85B, Z4A59A, Z4A71A, M2U91B, Z4A69A, M2U92B, Z4A70A, M2U94B, Z4A73A, Z4A74A, M2U91A, M2U92A, M2U85A, M2U94A, Z4A54A, Z4A60A, Z4A61A, Z4A61BAffectedNot Affected2211C or higher
HP ENVY 6000 All-in-One Printer series5SE17A, 6WD35A, 7CZ37A, 5SE18A, 5SE16A, 5SE19A, 5SE20A, 8QQ97A, 8QQ98A, 8QQ99AAffectedNot Affected001.2214B or higher
HP ENVY 6000e All-In-One Printer series223N6A, 2K4V8A, 2K4W1A, 2K4W2A, 223N2A, 223N1A, 223N5A, 223N9AAffectedNot Affected001.2216A or higher
HP ENVY 6400e All-In-One Printer series223R6A, 2K5L5A, 223R2A, 223R1A, 223R3A, 223R9AAffectedNot Affected001.2216A or higher
HP ENVY Photo 6200 All-in-One Printer seriesK7G22A, K7G18A, K7G23A, Y0K15A, K7D05AAffectedNot Affected003.2220B or higher
HP ENVY Photo 7100 All-in-One Printer seriesZ3M37A, K7G93A, Z3M52A, 3XD89A, K7G95A, K7G96A, K7G99AAffectedNot Affected003.2220B or higher
HP ENVY Photo 7800 All-in-One Printer seriesK7R96A, K7S00A, K7S08A, K7S01AAffectedNot Affected003.2220B or higher
HP ENVY Pro 6400 All-in-One Printer series5SE46A, 6WD14A, 6WD16A, 5SE47A, 5SE45A, 5SE48A, 7XK12A, 5SE50A, 8QQ86A, 8QQ87A, 8QQ88AAffectedNot Affected001.2214B or higher
HP OfficeJet 5200 All-in-One Printer seriesM2U81A, Z4B29A, M2U81B, Z4B27A, M2U82B, Z4B28A, M2U84B, M2U82A, M2U75A, M2U84A, Z4B12A, Z4B13A, Z4B14A, Z4B18AAffectedNot Affected2211A or higher
HP OfficeJet 6950 All-in-One Printer seriesP4C78A, P4C85A, T3P03A, P4C86A, P4C81A, P4C82A, P4C84AAffectedAffected001.2224A or higher
HP OfficeJet 6960 All-in-One Printer seriesT0G25A, T0G26AAffectedAffected001.2225A or higher
HP OfficeJet 8010 All-in-One Printer series1KR69A, 1KR58AAffectedNot Affected001.2213A or higher
HP OfficeJet 8010e All-in-One Printer series228F5AAffectedNot Affected004.2222A or higher
HP OfficeJet 8022 All-in-One Printer3UC65AAffectedNot Affected001.2213A or higher
HP OfficeJet 8022e All-in-One Printer1K7K6AAffectedNot Affected004.2222A or higher
HP OfficeJet Pro 6960 All-in-One Printer seriesJ7K33A, T0F30A, T0F32A, T0F38A, T0F31A, J7K37A, J7K38A, J7K35A, J7K39A, T0F28A, T0F36AAffectedAffected001.2225A or higher
HP OfficeJet Pro 6970 All-in-One Printer seriesJ7K34A, T0F33A, T0F39A, T0F34A, T0F35A, J7K40A, J7K36A, J7K42A, J7K41A, T0F29A, T0F37A, T0F40AAffectedAffected001.2225A or higher
HP OfficeJet Pro 7720 Wide Format All-in-One Printer seriesG5J56A, Y0S18AAffectedAffected003.2226A or higher
HP OfficeJet Pro 7730 Wide Format All-in-One PrinterL3T99A, Y0S19AAffectedAffected003.2226A or higher
HP OfficeJet Pro 7740 Wide Format All-in-One Printer seriesG5J38A, T1P99AAffectedAffected002.2226A or higher
HP OfficeJet Pro 8020 All-in-One Printer series1KR62A, 5LJ17A, 5LJ18A, 5LJ19A, 1KR57A, 1KR61AAffectedNot Affected001.2213A or higher
HP OfficeJet Pro 8020e All-in-One Printer series1K7K7AAffectedNot Affected004.2222A or higher
HP OfficeJet Pro 8030 All-in-One Printer series1KR62A, 5LJ17A, 5LJ18A, 5LJ19A, 1KR57A, 1KR61A, 3UC64AAffectedNot Affected001.2213A or higher
HP OfficeJet Pro 8030e All-in-One Printer series5LJ14A, 5LJ15A, 5LJ16A, 3UC66A, 4KJ65A, 5LJ23AAffectedNot Affected004.2222A or higher
HP OfficeJet Pro 8035e All-in-One Printer1L0H6A, 1L0H7A, 1L0H8AAffectedNot Affected004.2222A or higher
HP OfficeJet Pro 8210 Printer seriesD9L63A, D9L64A, J3P65A, J3P66A, J3P67A, J3P68A, T0G70AAffectedAffected001.2225B or higher
HP OfficeJet Pro 8710 All-in-One Printer seriesD9L18A, M9L66A, M9L67A, T0G46A, J6X76A, J6X78A, J6X80A, K7S37A, M9L70A, J6X77A, J6X81A, J6X79A, K7S38A, T0G47A, T0G48A, T0G49A, M9L65ANot AffectedAffected001.2224B or higher
HP OfficeJet Pro 8730 All-in-One PrinterD9L20A, K7S32AAffectedAffected001.2225B or higher
HP OfficeJet Pro 8740 All-in-One Printer seriesD9L21A, K7S42A, T0G65A, K7S39A, J6X83A, K7S43A, K7S40A, K7S41AAffectedAffected001.2225B or higher
HP OfficeJet Pro 9010 All-in-One Printer series1KR46A, 3UK83A, 1KR49A, 1KR42A, 1KR45A, 3UK84A, 1KR48A, 1KR54A, 1KR55AAffectedNot Affected002.2211C or higher
HP OfficeJet Pro 9010e All-in-One Printer series257G3AAffectedNot Affected005.2210A or higher
HP OfficeJet Pro 9020 All-in-One Printer series1MR78A, 1MR66A, 1MR67A, 1MR69A, 1MR70A, 1MR71A, 1MR72A, 1MR73A, 1MR74A, 1MR75A, 1MR76A, 1MR77A, 1MR68A, 1MR79AAffectedNot Affected002.2211C or higher
HP OfficeJet Pro 9020e All-in-One Printer series226Y9A, 1G5M0AAffectedNot Affected005.2210A or higher
HP Smart Tank 510 Wireless All-in-One series / HP Smart Tank Plus 550 Wireless All-in-One series4SB23A, 3YW71A, 3YW74A, 1TJ09A, 3YW70A, 1TJ10A, 1TJ11A, 3YW73A, 6HF11A, 1TJ12A, 3YW72A, 3YW75AAffectedNot Affected001.2219A or higher
HP Smart Tank 610 Wireless All-in-One series / HP Smart Tank Plus 650 Wireless All-in-One seriesY0F71A, Y0F72A, Y0F73A, 7XV38A, Y0F74A, 3YW48A, 3YW51AAffectedNot Affected001.2219A or higher
HP Tango / HP Tango X3DP64A, 3DP65A, 3DP66A, 3YF56A, 3YF57A, 3YF58A, 3YF60A, 3YF61A, 2RY54A, 2RY55A, 2RY56A, 3YF65A, 3YF66A, 3YF67A, 3YF68A, 3YF69A, 3YF70A, 3YF59AAffectedNot Affected2209A or higher

List of Affected HP LaserJet Pro printers:

Product NameProduct NumberCVE-2022-28721 (CVSS 9.8)CVE-2022-28722 (CVSS 7.3)Updated Firmware Version
HP PageWide 352dw PrinterJ6U57AAffectedAffected2228B or higher
HP PageWide 377dw Multifunction PrinterJ9V80AAffectedAffected2228B or higher
HP PageWide Managed P55250dw Printer seriesJ6U55A, J6U51B, J6U55BAffectedAffected2228B or higher
HP PageWide Managed P57750dw Multifunction PrinterJ9V82AAffectedAffected2228B or higher
HP PageWide Managed P75050dn/dwW1B28A, Y3Z45A W1B29A, Y3Z47AAffectedAffected006.2225A or higher
HP PageWide Managed P77740dn Multifunction PrinterY3Z57AAffectedAffected006.2225A or higher
HP PageWide Managed P77740dw Multifunction PrinterW1B33AAffectedAffected006.2225A or higher
HP PageWide Managed P77740z Multifunction PrinterW1B39AAffectedAffected006.2225A or higher
HP PageWide Managed P77750z Multifunction PrinterW1B37AAffectedAffected006.2225A or higher
HP PageWide Managed P77760z Multifunction PrinterW1B38AAffectedAffected006.2225A or higher
HP PageWide Pro 452dn Printer seriesD3Q15AAffectedAffected2228B or higher
HP PageWide Pro 452dw Printer seriesD3Q16AAffectedAffected2228B or higher
HP PageWide Pro 477dn Multifunction Printer seriesD3Q19AAffectedAffected2228B or higher
HP PageWide Pro 477dw Multifunction Printer seriesD3Q20AAffectedAffected2228B or higher
HP PageWide Pro 552dw Printer seriesD3Q17AAffectedAffected2228B or higher
HP PageWide Pro 577 Multifunction Printer seriesD3Q21A, K9Z76AAffectedAffected2228B or higher
HP PageWide Pro 750dn PrinterY3Z44AAffectedAffected006.2225A or higher
HP PageWide Pro 750dw PrinterA7W93A, Y3Z46AAffectedAffected006.2225A or higher
HP PageWide Pro 772dn Multifunction PrinterY3Z54AAffectedAffected006.2225A or higher
HP PageWide Pro 772dw Multifunction PrinterW1B31AAffectedAffected006.2225A or higher

List of Affected HP PageWide Pro printers:

Product NameProduct NumberCVE-2022-28721 (CVSS 9.8)CVE-2022-28722 (CVSS 7.3)Updated Firmware Version
HP PageWide 352dw PrinterJ6U57AAffectedAffected2228B or higher
HP PageWide 377dw Multifunction PrinterJ9V80AAffectedAffected2228B or higher
HP PageWide Managed P55250dw Printer seriesJ6U55A, J6U51B, J6U55BAffectedAffected2228B or higher
HP PageWide Managed P57750dw Multifunction PrinterJ9V82AAffectedAffected2228B or higher
HP PageWide Managed P75050dn/dwW1B28A, Y3Z45A W1B29A, Y3Z47AAffectedAffected006.2225A or higher
HP PageWide Managed P77740dn Multifunction PrinterY3Z57AAffectedAffected006.2225A or higher
HP PageWide Managed P77740dw Multifunction PrinterW1B33AAffectedAffected006.2225A or higher
HP PageWide Managed P77740z Multifunction PrinterW1B39AAffectedAffected006.2225A or higher
HP PageWide Managed P77750z Multifunction PrinterW1B37AAffectedAffected006.2225A or higher
HP PageWide Managed P77760z Multifunction PrinterW1B38AAffectedAffected006.2225A or higher
HP PageWide Pro 452dn Printer seriesD3Q15AAffectedAffected2228B or higher
HP PageWide Pro 452dw Printer seriesD3Q16AAffectedAffected2228B or higher
HP PageWide Pro 477dn Multifunction Printer seriesD3Q19AAffectedAffected2228B or higher
HP PageWide Pro 477dw Multifunction Printer seriesD3Q20AAffectedAffected2228B or higher
HP PageWide Pro 552dw Printer seriesD3Q17AAffectedAffected2228B or higher
HP PageWide Pro 577 Multifunction Printer seriesD3Q21A, K9Z76AAffectedAffected2228B or higher
HP PageWide Pro 750dn PrinterY3Z44AAffectedAffected006.2225A or higher
HP PageWide Pro 750dw PrinterA7W93A, Y3Z46AAffectedAffected006.2225A or higher
HP PageWide Pro 772dn Multifunction PrinterY3Z54AAffectedAffected006.2225A or higher
HP PageWide Pro 772dw Multifunction PrinterW1B31AAffectedAffected006.2225A or higher

How to Fix CVE-2022-28721, A Critical RCE Vulnerability in HP Printer Devices?

The manifacturer has released the patched version of firmware to fix the vulnerabilities. The users of affected products are advised to upgrade the firmware to the latest patched version shown in the previous section.

HP offers periodic firmware updates for printers to address known issues and add new features. You must update the firmware on your printer to get all the latest updates.

There could be different ways to upgrade the firmware. Firmware upgradation using the printer control panel is the direct way to upgrade the firmware on the device itself which doesn’t require a computer to have. The second method is to upgrade the firmware using the printer update utility. This is the best way to go when you have multiple printers to upgrade the firmware. It is best for small to large size corporate networks. You can learn about upgrading firmware from here. However, we have tried covering both ways in this post so that you can have an idea about the upgradation process.

Here are two supported methods to update firmware on your printer.

  • Update the firmware via the printer control panel
  • Update the firmware via the HP Printer Update Utility

Method 1: Update The Firmware Via The Printer Control Panel

Use this method to update the firmware via the printer control panel and to set the printer to update the firmware with the availability of new updates automatically. However, the process varies based on the type of control panel the device has. The control panel can be any one of the following types. This method works well for homes or small businesses which will have hand countable number of printers. Watch this video to learn how to upgrade the firmware using this way.

Video Source: HP
Video Source: HP

Method 2: How To Update The Firmware Using HP Printer Update Utility?

Use this method to download and install the HP Printer Update Utility manually. This method is good for any small to large businesses which will have hundreds of printers in their facility.

Time needed: 15 minutes.

How To Update The Firmware Using HP Printer Update Utility?

  1. Prepare for the Update

    1. Print the printer status page or network setting page to check the current firmware version.
    2. Press OK to display the Home screen on the printer control panel.
    3. Use Arrow buttons to navigate to Setup and press OK.
    4. Open the Reports menu.
    5. Choose either Printer Network Configuration Report to print the Network settings page or select Printer status report.
    6. Note installed firmware version.

  2. Download the firmware file

    1. Go to HP Support and click Software and Drivers and then Printer.
    2. Type the printer name in the search field and select Submit.
    3. Locate the Firmware Update in the Firmware section.
    4. Click Download and save the file to the system.

  3. Update the firmware

    Follow these steps to update the firmware on Windows.

    1. Navigate to the location where the .exe file is located.
    2. Double-click the file to initiate the upgrade process. 
    3. Wait for the utility to detect printers connected to the PC via network or USB.
    4. Select the printers for which the firmware update is required and select Update.
    5. Wait for the printer to reboot to a Ready state after completing the download. It will reboot automatically.
    6. Print a Printer Network Configuration Report to verify that the printer firmware update was successful, and then click the firmware version.
    7. Click the OK button to close the utility.

    Click here for more information.

We hope this post will help you know how to fix CVE-2022-28721, a critical RCE vulnerability in HP printer devices. Please share this post and help to secure the digital world. Visit our social media page on FacebookLinkedInTwitterTelegramTumblr, & Medium and subscribe to receive updates like this. 

About the author

Arun KL

Hi All, I am Arun KL, an IT Security Professional. Founder of “thesecmaster.com”. Enthusiast, Security Blogger, Technical Writer, Editor, Author at TheSecMaster. To know more about me. Follow me on LinkedIn

Leave a Reply

Your email address will not be published. Required fields are marked

{"email":"Email address invalid","url":"Website address invalid","required":"Required field missing"}

Learn Something New with Free Email subscription

Email is also one of the ways to be in touch with us. Our free subscription plan offers you to receive post updates straight to your inbox.