Recently, HP has updated the firmware of all its inkjet printing products, from commercial page widths and OfficeJet, large format DesignJet, home InkJet and other full range of products. This is a flaw in the InkJet product that HP discovered before. It can cause a stack overflow by sending a file, and then execute the code beyond the code. The vulnerability for this upgrade is CVE-2018-5924 and CVE-2018-5925, as long as it is used normally. Follow the prompts to upgrade to block these vulnerabilities.
At the same time as the new firmware was announced, HP also collected printer product vulnerabilities from all hackers. If the hacker found the vulnerability enough, he could get up to $10,000 in cash rewards. And instead of letting hackers discover the vulnerabilities themselves, HP built an open platform where researchers can remotely control these printing devices, especially for firmware hacking, such as CSRF, RCE, and XSS.
For office, the breakthrough point is the weakest point. Hewlett-Packard is constantly improving its own security. This reward is also hoped to use the research power of the world to raise the security of HP printing products to a new height.