Security research outfit Secunia has discovered a bug in the Toolbox application installed with some HP printers. The printer maker has warned its customers and made a fix available.The security bulletin concerns HP’s Colour LaserJet 2500 and Colour LaserJet 4600 driver software which also includes a Toolbox application running in a browser.
Though Secunia dubbed the flaw as “less critical” the issue is applicable only when the setting are in the default install configuration.
The vulnerability is due to an input validation error in the HTTP server that drivers the user interface.
Although the flaw is specific to these two models, Secunia has used the fault to draw attention to printers in general saying that extra protection could be required to protect against potential future vulnerabilities.
The bug found by Secunia could allow an external attacker to access any printable file on the network according to reports.
HP has urged all users of the affected printer software to upgrade to the latest version.