HP released a bulletin on Sunday saying the flaw exists in its Color LaserJet 2500 Toolbox for Microsoft Windows and Color LaserJet 4600 Toolbox on Windows.
The flaw opens up personal information to hackers when the printer's Toolbox feature is in its default configuration, according to the HP advisory.
The company has made a fix available through its HP Color LaserJet 2500/4600 Software Update version 3.1.
The flaw is caused by an input validation error in the built-in HTTP server, according to vulnerability monitoring firm Secunia.
Palo Alto, Calif.,-based HP said it was alerted to the flaw by Richard Horsman, a researcher at U.K.-based Sec-1.
Ron O'Brien, senior security analyst at Sophos, said the alert should be a reminder to PC users that flaws occur throughout a system.
"In an interconnected world, vulnerabilities are not confined to browsers and operating systems, and HP's warning serves as a reminder to protect against all means by which hackers might access personal information," he said. "Staying informed of the latest security issues and keeping security products up to date is essential to protecting digital privacy."
_(37).jpg&h=140&w=231&c=1&s=0)
_(36).jpg&h=140&w=231&c=1&s=0)
Cyber Resilience Summit
iTnews Executive Retreat - Security Leaders Edition
Huntress + Eftsure Virtual Event -Fighting A New Frontier of Cyber-Fraud: How Leaders Can Work Together
iTnews Cloud Covered Breakfast Summit
Live & Hands On Demo: Navigating the BMC AMI DevX Platform to Understand Code Faster Using AI
_(1).jpg&h=140&w=231&c=1&s=0)
