Critical vulnerability in 150 HP LaserJet and PageWide printer models

Security researchers from F-Secure have identified a critical vulnerability (CVE-2021-39238) affecting more than 150 HP LaserJet, LaserJet Managed, PageWide and PageWide Managed printers and MFPs. The vulnerability allows a buffer overflow to be triggered in the font handler by sending a specially crafted PDF document for printing, achieving execution of the attacker's code at the firmware level. The problem has existed since 2013 and was fixed in a firmware update published on November 1 (the manufacturer was notified of the problem in April).

The attack can be carried out both on locally connected devices and on network printing systems. For example, an attacker could use social engineering to get a user to print a malicious file, attack the printer through an already compromised user system, or use a technique similar to DNS rebinding that, when the user opens a particular page in the browser, allows HTTP requests to be sent to the printer's network port (9100/TCP, JetDirect), which is not directly reachable from the Internet.

After successful exploitation of the vulnerability, the compromised printer can be used as a pivot for launching attacks on the local network, for intercepting traffic, or for leaving attackers a hidden foothold on the local network. The vulnerability is also suitable for building botnets or creating network worms that scan for other vulnerable systems and attempt to infect them. To reduce the damage from a compromised printer, it is recommended to place network printers in a separate VLAN, to block outbound connections from the printers at the firewall, and to use a dedicated print server instead of connecting directly to the printer from workstations.
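As an added example (not code from the article or from F-Secure), the segmentation advice above can be checked against connection records: the script flags workstations that reach JetDirect directly instead of going through the print server, and any connection initiated by a printer. The log format, the printer VLAN 10.20.0.0/24 and the print-server address 10.10.0.5 are constructed assumptions.

```python
import ipaddress
import re

# Constructed assumptions: printers sit on their own VLAN and only the
# print server may open connections to them (the article's advice).
PRINTER_VLAN = ipaddress.ip_network("10.20.0.0/24")
PRINT_SERVER = ipaddress.ip_address("10.10.0.5")
JETDIRECT_PORT = 9100  # raw print port named in the article

# Constructed sample flow records, one connection per line.
SAMPLE_FLOWS = """\
src=10.10.0.5 dst=10.20.0.17 dport=9100
src=10.30.0.44 dst=10.20.0.17 dport=9100
src=10.20.0.17 dst=203.0.113.9 dport=443
src=10.20.0.17 dst=10.30.0.44 dport=445
src=10.30.0.44 dst=10.10.0.5 dport=631
"""

FLOW_RE = re.compile(r"src=(\S+) dst=(\S+) dport=(\d+)")


def parse_flow(line):
    """Return (src, dst, dport) for a well-formed record, else None."""
    m = FLOW_RE.search(line)
    if not m:
        return None
    src, dst = ipaddress.ip_address(m.group(1)), ipaddress.ip_address(m.group(2))
    return src, dst, int(m.group(3))


def classify(src, dst, dport):
    """Map one flow to a policy finding, or None if the flow is allowed."""
    # A workstation (or a browser tricked by DNS rebinding) reaching
    # JetDirect directly bypasses the print server.
    if dst in PRINTER_VLAN and dport == JETDIRECT_PORT and src != PRINT_SERVER:
        return "direct-jetdirect-access"
    # Printers should never initiate connections: a compromised one
    # pivoting into the LAN or calling out to the Internet shows up here.
    if src in PRINTER_VLAN and dst not in PRINTER_VLAN:
        return "printer-initiated-egress"
    return None


def audit(log_text):
    """Return (record, finding) pairs for every flow that violates policy."""
    findings = []
    for line in log_text.splitlines():
        parsed = parse_flow(line)
        if parsed is None:
            continue  # skip malformed records instead of aborting the run
        finding = classify(*parsed)
        if finding:
            findings.append((line.strip(), finding))
    return findings
```

Calling `audit(SAMPLE_FLOWS)` on the constructed records reports one direct JetDirect access from a workstation and two printer-initiated connections; legitimate printer traffic such as syslog would need a site-specific allowlist in `classify`.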

The researchers also found another vulnerability (CVE-2021-39237) in HP printers that allows full access to the device. Unlike the first vulnerability, this problem is rated as medium risk, since the attack requires physical access to the printer (a connection to the UART port for about 5 minutes is needed).



source: budenet.ru