
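[Announcement forwarded by the Information Center] [Vulnerability Alert] Multiple HP inkjet printers contain security vulnerabilities (CVE-2018-5924 and CVE-2018-5925) that allow remote attackers to execute arbitrary code; please check and update as soon as possible

Forwarded from the National Information Sharing and Analysis Center (國家資安資訊分享與分析中心), security alert NISAC-ANA-201808-0136

Researchers found that multiple HP inkjet printer models contain security vulnerabilities (CVE-2018-5924 and CVE-2018-5925). An attacker can send a specially crafted malicious file to an affected inkjet printer, which may cause a stack or buffer overflow and in turn allow the attacker to execute arbitrary code remotely.

[Affected platforms:]

The following HP printer models: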

PageWide Pro:

HP PageWide 352dw; HP PageWide Managed MFP P57750dw; HP PageWide Managed MFP P77740dn; HP PageWide Managed MFP P77740dw; HP PageWide Managed MFP P77740z; HP PageWide Managed MFP P77750z; HP PageWide Managed MFP P77760z; HP PageWide Managed P55250dw; HP PageWide Managed P75050dn; HP PageWide Managed P75050dw; HP PageWide MFP 377dw; HP PageWide Pro 452dn; HP PageWide Pro 552dw; HP PageWide Pro 750dn; HP PageWide Pro 750dw; HP PageWide Pro MFP 477dn; HP PageWide Pro MFP 477dw; HP PageWide Pro MFP 577dw; HP PageWide Pro MFP 577z; HP PageWide Pro MFP 772dn; HP PageWide Pro MFP 772dw; HP PageWide Pro 452dw; HP Officejet Pro X451dn Printer; HP Officejet Pro X451dw Printer; HP Officejet Pro X476dn MFP; HP Officejet Pro X476dw MFP; HP Officejet Pro X551dw Printer; HP Officejet Pro X576dw MFP

HP DesignJet:

HP DesignJet rugged case; HP Designjet T120 24-in ePrinter; HP Designjet T120 24-in Printer; HP Designjet T120 24-in Printer (2018 edition); HP Designjet T120 24-in Rmkt ePrinter; HP Designjet T520 24-in ePrinter; HP Designjet T520 24-in Printer; HP Designjet T520 24-in Printer (2018 edition); HP Designjet T520 24-in Printer (2018 edition, legless); HP Designjet T520 24-in Rmkt ePrinter; HP Designjet T520 36-in ePrinter; HP Designjet T520 36-in Printer; HP Designjet T520 36-in Printer (2018 edition); HP Designjet T520 36-in Printer (2018 edition, legless); HP Designjet T520 36-in Rmkt ePrinter; HP DesignJet T730 36in Printer; HP Designjet T730 with Rugged Case; HP DesignJet T830 24in eMFP Printer; HP DesignJet T830 24-in MFP Printer; HP DesignJet T830 MFP with Armor Case; HP DesignJet T830 MFP with Armour Case; HP DesignJet T830 MFP with Rugged Case

HP Officejet, HP Deskjet and HP Envy:

HP AMP 100 Printer series; HP Deskjet 2540 All-in-One series; HP DeskJet 2600 All-in-One Printer series; HP DeskJet 2600 All-in-One Printer; HP Deskjet 2620 Ink Advantage series; HP Deskjet 3540 series; HP DeskJet 3630 series; HP DeskJet 3700 All-in-One Printer series; HP Deskjet 4510 series; HP DeskJet 4530 series; HP DeskJet 4720 series; HP DeskJet 5000 series; HP DeskJet 5275 All-in-One Printer; HP DeskJet 5640 series; HP DeskJet 5730 series; HP DeskJet GT 5820 All-in-One Printer series; HP Deskjet Ink Advantage 2540 All-in-One; HP DeskJet Ink Advantage 2600 All-in-One Printer; HP DeskJet Ink Advantage 3630 All-in-One Printer; HP DeskJet Ink Advantage 3700 All-in-One Printer series; HP Deskjet Ink Advantage 3830 e-All-in-One Printer; HP Deskjet Ink Advantage 4615 All-in-One Printer; HP Deskjet Ink Advantage 4625 e-All-in-One; HP Deskjet Ink Advantage 4640 e-All-in-One Printer series; HP DeskJet Ink Advantage 4670 All-in-One Printer; HP Deskjet Ink Advantage 5525 e-All-in-One; HP DeskJet Ink Advantage 5570 All-in-One printer; HP Deskjet Ink Advantage 6525 e-All-in-One; HP Envy 120 Series; HP ENVY 4500 series; HP ENVY 4510 All-in-One Printer; HP ENVY 4520 series; HP ENVY 5000 series; HP ENVY 5530 series; HP ENVY 5540 All-in-One Printer; HP ENVY 5640 series; HP ENVY 5660 series; HP ENVY 7640 series; HP ENVY Photo 6200 All-in-One Printer series; HP ENVY Photo 7100 All-in-One Printer series; HP Ink Tank 310; HP Ink Tank Wireless 410; HP OfficeJet 200 Mobile series; HP OfficeJet 202 Mobile series; HP OfficeJet 250 Mobile All-in-One Printer series; HP OfficeJet 252 Mobile All-in-One; HP Officejet 2620 series; HP Officejet 3830 e-All-in-One Printer; HP Officejet 4610 e-All-in-One Printer; HP Officejet 4620 e-All-in-One Printer; HP Officejet 4622 e-All-in-One Printer; HP Officejet 4630 e-All-in-One Printer series; HP OfficeJet 4650 All-in-One Printer; HP OfficeJet 5200 All-in-One Printer; HP Officejet 5740 series; HP Officejet 6220 / HP Officejet Pro 6230 ePrinter; HP OfficeJet 6600 e-All-in-One; HP OfficeJet 6700 Premium e-All-in-One; HP Officejet 6810/6820 e-All-in-One Printer; HP OfficeJet 6950 All-in-One; HP OfficeJet 6960 All-in-One; HP OfficeJet Pro 6960 All-in-One; HP Officejet 7110 Wide Format ePrinter; HP Officejet 7510 Wide Format All-in-One Printer; HP Officejet 7610 series Wide Format e-All-in-One Printer; HP Officejet 7612 Wide Format e-All-in-One; HP Officejet Pro 251dw Printer; HP Officejet Pro 276dw Multifunction Printer; HP Officejet Pro 3610 Black and White Printer; HP Officejet Pro 3620 Black and White Printer; HP Officejet Pro 6830 e-All-in-One Printer; HP OfficeJet Pro 6970 All-in-One Printer; HP OfficeJet Pro 7720 Wide Format All-in-One; HP OfficeJet Pro 7730 Wide Format All-in-One; HP OfficeJet Pro 7740 Wide Format All-in-One; HP OfficeJet Pro 8210 Printer; HP OfficeJet Pro 8216; HP OfficeJet Pro 8600 e-All-in-One; HP OfficeJet Pro 8600 Plus e-All-in-One; HP OfficeJet Pro 8600 Premium e-All-in-One; HP Officejet Pro 8610 e-All-in-One Printer; HP Officejet Pro 8620 e-All-in-One Printer; HP Officejet Pro 8630 e-All-in-One Printer; HP Officejet Pro 8640 e-All-in-One Printer; HP Officejet Pro 8660 e-All-in-One Printer; HP OfficeJet Pro 8710 All-in-One Printer; HP OfficeJet Pro 8720 All-in-One Printer; HP OfficeJet Pro 8730; HP OfficeJet Pro 8732M All-in-One Printer; HP OfficeJet Pro 8740; HP Photosmart 5510 series; HP Photosmart 5510d series; HP Photosmart 5520 series e-All-in-One; HP Photosmart 5521 e-All-in-One; HP Photosmart 5522 e-All-in-One; HP Photosmart 5524 e-All-in-One; HP Photosmart 5525 e-All-in-One; HP Photosmart 6510 series; HP Photosmart 6520 e-All-in-One; HP Photosmart 7520 series; HP Photosmart Plus All-in-One B210 series; HP Smart Tank Wireless 450

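[Recommended actions:]

1. If the printer has network connectivity and can reach the Internet:

(1) If the printer supports HP ePrint: connect to the printer's management page, click the HP ePrint icon or button on the settings page, click "Product Update" or "Check for Updates", and follow the instructions to update the firmware.

(2) If the printer does not support HP ePrint: go to "Setup" → "Preferences" or "Device Maintenance" → "Printer Update", and follow the instructions to update the firmware.

2. If the printer cannot connect to the Internet, download the printer firmware update utility from the HP website (https://support.hp.com/tw-zh/drivers/printers):

(1) Enter the printer model in the search bar, select the operating system version, then under "Firmware" find and download the item described as "Security Bulletin HPSBHF03589".

(2) After confirming that the computer can reach the printer (over the network or USB), launch the firmware update utility:

a. If the model is displayed, tick the printer and click "Update" to perform the update.

b. If the model is greyed out, no update is needed.

[References:]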

1. https://support.hp.com/us-en/document/c06097712

2. https://securitytracker.com/id/1041415

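(This notice is for information only and does not report a security incident.) If you have questions about the content of this notice or suggestions regarding this matter, please contact us.

Education Institution Information Security Notification and Response Team (教育機構資安通報應變小組)

Website: https://info.cert.tanet.edu.tw/

Hotline: 07-5250211

VoIP: 98400000

E-Mail: service@cert.tanet.edu.tw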