How to find HP printers and multi-function printers (MFPs)

|
Updated

Latest HP printer and MFP vulnerability #

Do you have HP printers and multi-function printers (MFPs)? You might want to look at the two recently published vulnerabilities that affect 150+ models. Named "Printing Shellz" by the F-Secure security researchers who reported them, these vulns have been around for ~8 years.

When successfully exploited, can provide attackers with:

  • CVE-2021-39237, "medium" CVSS score of 4.6 - Information disclosure via exposed connectors to gain shell access (requires physical access to the vulnerable device).
  • CVE-2021-39238, "critical" CVSS score of 9.8 - Remote code execution via buffer overflow in the font parsing logic.

HP LaserJet, PageWide, OfficeJet, and ScanJet product lines all contain vulnerable models. You can find the full lists in HP's posted advisories: CVE-2021-39237 and CVE-2021-39238.

HP released patched firmware last month and urged owners of affected printers to update their firmware as soon as possible. F-Secure's researchers also offer some mitigation strategies, as well in section 6 of their writeup.

How to find vulnerable HP printers and MFPs with runZero #

From the Asset Inventory, use the following pre-built query to locate potentially vulnerable HP printer and MFP assets within your network:

NOT hardware:"JetDirect" AND (mac_vendor:"HP" OR mac_vendor:="Hewlett Packard%" OR hardware:"HP%" OR hardware:="Hewlett Packard%") AND (type:printer OR os.family:"LaserJet" OR NOT (os:"%iLO%" OR type:switch OR type:computer))
Find HP printers

You can also search via the Service Inventory, using the following pre-built query to locate potentially HP printer and MFP services within your network:

_asset.protocol:http AND protocol:http AND ((html.title:="HP %LaserJet%" OR banner:="HP %LaserJet%") OR (html.title:="HP %PageWide%" OR banner:="HP %PageWide%") OR (html.title:="HP %OfficeJet%" OR banner:="HP %OfficeJet%") OR (html.title:="HP %ScanJet%" OR banner:="HP %ScanJet%"))
Find HP printers

Note that results from the above queries may contain models that are not vulnerable, so manual verification against the full lists of affected models published by HP (here and here) is needed.

As always, any prebuilt queries we create are available from our Queries Library. Check out the library for other useful inventory queries.

Written by Pearce Barry

More about Pearce Barry
Subscribe Now

Get the latest news and expert insights delivered in your inbox.

Welcome to the club! Your subscription to our newsletter is successful.


Explore more

Webcasts
The Unreasonable Effectiveness of Inside Out Attack Surface Management
HD Moore, founder of runZero (and previously Metasploit), presents new research that will forever redefine how you approach attack surface...
Webcasts
Safeguarding OT/ICS Assets: Insights from the U.S. Department of Energy
Security experts from the National Renewable Energy Lab’s (NREL) Clean Energy Cybersecurity Accelerator™ (CECA) program join runZero to discuss...
runZero Insights
Ensure compliance with DORA’s ICT risk framework using runZero
Learn how to uncover unmanaged and unknown assets— including IT, OT, and IoT— to meet DORA's hidden risk requirements using runZero.
Talks
DEF CON 32: SSHamble: Unexpected Exposures in SSH (Video)
This talk digs deep into SSH, the lesser-known implementations, many of the surprising security issues found along the way, and how to exploit them.

See Results in Minutes

Get complete visibility into IT, OT, & IoT — without agents, credentials, or hardware.

© Copyright 2025 runZero, Inc. All Rights Reserved