Faxsploit Allows Remote Code Execution Through HP All-in-One Printers
by Ryan Seguin on August 14, 2018
A new exploit demonstrated by Checkpoint Research at DEF CON last week leverages vulnerabilities in all-in-one printers, potentially allowing attackers to take control of other devices on the network.
Background
Checkpoint Research published a proof of concept (PoC) for exploiting two remote code execution vulnerabilities on HP All-in-One printers solely through the printer’s fax line. These critical vulnerabilities score CVSS v3 as 9.8 and include CVE-2018-5924 and CVE-2018-5925.