Safety relevant information of MFP M725z from HP Inc.
A security vulnerability regarding printers/MFP from HP Inc. has been published on various news sites. In response, we would like to evaluate the mentioned issues regarding TA products.
1. Vulnerability Overview
F-Secure Corp. has investigated the vulnerability of the MFP M725z from HP Inc. As a result, two CVEs were registered.
CVE-2021-39237
CVE-2021-39238
CVE-2021-39237
CVE-2021-39238
2. Further information
- The investigative website of F-Secure Corp.
https://labs.f-secure.com/publications/printing-shellz/ - The NVD website of NIST
https://nvd.nist.gov/vuln/detail/CVE-2021-39237
https://nvd.nist.gov/vuln/detail/CVE-2021-39238
3.Details of the vulnerability disclosed.
- CVE-2021-39237: Some HP LaserJet, HP LaserJet Managed, HP PageWide, or HP PageWide Managed printers may be vulnerable to possible information disclosure.
CVE-2021-39238: Some HP Enterprise LaserJet, HP LaserJet Managed, HP Enterprise PageWide, and HP PageWide Managed products are at risk of a buffer overflow.
4. Impact on our products.
Vulnerabilities CVE-2021-39237 and CVE-2021-3928 affect HP Inc. products. TA's products are built differently from HP Inc. MFP/printers, so these two vulnerabilities do not affect TA products. You can use the products without concern.