Vulnerability CVE-2018-5925

Vulnerability CVE-2018-5925

Published: 2018-08-13

Description:

A security vulnerability has been identified with certain HP Inkjet printers. A maliciously crafted file sent to an affected device can cause a static buffer overflow, which could allow remote code execution.

Type:

CWE-119

(Improper Restriction of Operations within the Bounds of a Memory Buffer)

CVSS2 => (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVSS Base Score	Impact Subscore	Exploitability Subscore
9.3/10	10/10	8.6/10

Exploit range	Attack complexity	Authentication
Remote	Medium	No required
Confidentiality impact	Integrity impact	Availability impact
Complete	Complete	Complete

Affected software
HP -> D9l63a firmware
HP -> F5r96a firmware
HP -> F9d36 firmware
HP -> J6u57b firmware
HP -> J9v86a firmware
HP -> K9u05b firmware
HP -> M9l73a firmware
HP -> T0g54a firmware
HP -> V1n01a firmware
HP -> Y3z46 firmware
HP -> A9t80a firmware
HP -> Cn459a firmware
HP -> Cq890d firmware
HP -> Cv136a firmware
HP -> D3a82a firmware
HP -> D3q20c firmware
HP -> D9l64a firmware
HP -> F5s00 firmware
HP -> G0450 firmware
HP -> J6u59 firmware
HP -> J9v87a firmware
HP -> K9v76 firmware
HP -> M9l80a firmware
HP -> T0g56a firmware
HP -> V1n02a firmware
HP -> 1dt61a firmware
HP -> Y3z47 firmware
HP -> A9t80b firmware
HP -> Cn460a firmware
HP -> Cq890e firmware
HP -> Cx017a firmware
HP -> D3p93a firmware
HP -> D3q20d firmware
HP -> E1d34a firmware
HP -> F5s43 firmware
HP -> G0v47 firmware
HP -> J6u63 firmware
HP -> K4t99b firmware
HP -> K9z76a firmware
HP -> M9l81a firmware
HP -> T0g70a firmware
HP -> V1n08a firmware
HP -> 1jl02a firmware
HP -> Y3z54 firmware
HP -> A9t89a firmware
HP -> Cn461a firmware
HP -> Cq891a firmware
HP -> Cx042 firmware
HP -> D3q15a firmware
HP -> D3q21a firmware
HP -> E1d36a firmware
HP -> F5s57a firmware
HP -> G0v48b firmware
HP -> J6u69 firmware
HP -> K4u04b firmware
HP -> K9z76d firmware
HP -> N4k99c firmware
HP -> T0k98a firmware
HP -> V6d27 firmware
HP -> 1jl02b firmware
HP -> Y3z57 firmware
HP -> A9u19a firmware
HP -> Cn463a firmware
HP -> Cq891ar firmware
HP -> Cz025a firmware
HP -> D3q15b firmware
HP -> D3q21c firmware
HP -> E2d42a firmware
HP -> F5s60a firmware
HP -> G0v48c firmware
HP -> J6x76a firmware
HP -> K7c84 firmware
HP -> L8l91a firmware
HP -> N4l14c firmware
HP -> T1p36 firmware
HP -> W1b31 firmware
HP -> 1sh08 firmware
HP -> Y5h60a firmware
HP -> A9u23 firmware
HP -> Cn577a firmware
HP -> Cq891b firmware
HP -> Cz045a firmware
HP -> D3q15d firmware
HP -> D3q21d firmware
HP -> E3e02a firmware
HP -> F5s65a firmware
HP -> G1w52a firmware
HP -> J6x80a firmware
HP -> K7g18a firmware
HP -> L9b95a firmware
HP -> N4l17a firmware
HP -> T1p99 firmware
HP -> W1b33 firmware
HP -> 2nd31a firmware
HP -> Y5h80a firmware
HP -> A9u28b firmware
HP -> Cn581a firmware
HP -> Cq891c firmware
HP -> Cz152a firmware
HP -> D3q16a firmware

References:

http://www.securityfocus.com/bid/105010

http://www.securitytracker.com/id/1041415

https://research.checkpoint.com/sending-fax-back-to-the-dark-ages/

https://support.hp.com/us-en/document/c06097712

Vulnerability CVE-2018-5925

A security vulnerability has been identified with certain HP Inkjet printers. A maliciously crafted file sent to an affected device can cause a static buffer overflow, which could allow remote code execution.

CWE-119

CVSS2 => (AV:N/AC:M/Au:N/C:C/I:C/A:C)

9.3/10

10/10

8.6/10

Remote

Medium

No required

Complete

Complete

Complete

Affected software

References: