CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Description
An unauthenticated attacker who can connect to TCP port 9100 can issue a Printer Job Language (PJL) command that will crash the target device. The device will reboot, after which the attacker can reissue the command to repeatedly crash the device. A malformed PJL variable FORMLINES is set to a non-number value, causing the target to crash.
Analysis
CVE-2024-51982 is a denial-of-service vulnerability affecting network-connected printers and multifunction devices that expose the Printer Job Language (PJL) interface on TCP port 9100. An unauthenticated remote attacker can send a malformed PJL command with an invalid FORMLINES variable to crash the device repeatedly, causing service disruption without authentication or user interaction. The CVSS 7.5 score reflects the high availability impact, and while specific KEV/POC data was not provided in the source material, the straightforward nature of the exploit (malformed input causing crash) suggests practical exploitability.
Technical Context
The vulnerability exists in the Printer Job Language (PJL) command interpreter—a standard protocol used by HP and compatible printers for job control and device configuration. PJL operates over raw TCP port 9100 (Line Printer Daemon protocol) and traditionally lacks authentication mechanisms. The root cause falls under CWE-1286 (Improper Validation of Syntactic Correctness of Input), specifically the failure to properly validate that the FORMLINES variable contains a numeric value before processing it. When the printer firmware attempts to parse a non-numeric string assigned to FORMLINES, it triggers an unhandled exception or buffer overflow condition, causing the device to crash and reboot. This is a classic case of insufficient input validation in embedded printer firmware where the PJL parser does not enforce type constraints on configuration variables.
Affected Products
While specific CPE strings and product versions were not provided in the source material, CVE-2024-51982 affects network printers and multifunction devices that: (1) Support PJL command protocol on TCP port 9100; (2) Include vulnerable firmware versions that fail to validate the FORMLINES variable. Historically, such vulnerabilities affect HP LaserJet, HP OfficeJet, HP Color LaserJet series, and compatible third-party printers from manufacturers like Xerox, Canon, Ricoh, and Kyocera that implement PJL. The vulnerability is vendor-agnostic to PJL implementations. Organizations should consult the National Vulnerability Database (NVD) entry for CVE-2024-51982 and relevant vendor security advisories (HP Security Bulletin, Xerox Security Alerts, etc.) for exact affected firmware versions and model numbers.
Remediation
Recommended remediation steps:
(1) IMMEDIATE MITIGATION: Restrict network access to TCP port 9100 using firewall rules; disable external routing to printer subnets; implement network segmentation (VLAN isolation) to prevent untrusted hosts from reaching printers.
(2) PATCH DEPLOYMENT: Identify affected printer models and apply available firmware updates from the manufacturer; consult HP, Xerox, Canon, Ricoh, or Kyocera security advisories for specific patch versions and download links.
(3) DEVICE HARDENING: Disable PJL if not required; if PJL is necessary, restrict it to trusted IP ranges using printer access control lists (ACLs).
(4) MONITORING: Enable printer syslog/SNMP alerts to detect repeated crash/reboot sequences indicative of exploitation attempts.
(5) ALTERNATIVE: Replace devices with firmware that cannot be exploited once patches are validated and tested in a lab environment.
Vendors typically release firmware patches through security bulletins; check HP Security Advisory, Xerox Support, Canon ImageRunner documentation, and Ricoh Device Gateway for specific patch versions.
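One way to implement the monitoring step (4), as an added example that is not part of the original advisory or any vendor tooling: poll each printer's SNMP sysUpTime and flag devices that reboot repeatedly within a short window, while ignoring the normal 32-bit counter wrap. The device names, sample values, thresholds and 60-second polling interval are constructed assumptions, and the SNMP polling itself is left out so the logic runs offline.

```python
from collections import defaultdict

WRAP = 2 ** 32         # sysUpTime is a 32-bit TimeTicks counter
TICKS_PER_SEC = 100    # TimeTicks are hundredths of a second

# Constructed samples: (poll time in epoch seconds, device, sysUpTime ticks).
SAMPLES = [
    (1000, "prn-a", 500000), (1060, "prn-a", 506000),
    (1120, "prn-a", 3000),   (1180, "prn-a", 9000),
    (1240, "prn-a", 2000),   (1300, "prn-a", 8000),
    (1360, "prn-a", 1500),
    (1000, "prn-b", WRAP - 3000), (1060, "prn-b", 3000),   # counter wrap
    (1120, "prn-b", 9000),
    (1000, "prn-c", 100000), (1060, "prn-c", 1000),        # single reboot
    (1120, "prn-c", 7000),
]

def find_reboots(samples, slack=5):
    """Return {device: [estimated boot times]} from uptime drops."""
    last, reboots = {}, defaultdict(list)
    for ts, dev, ticks in sorted(samples):
        if dev in last and ticks < last[dev][1]:
            prev_ts, prev_ticks = last[dev]
            # A healthy counter that wrapped lands on prev + elapsed mod 2^32.
            expected = (prev_ticks + (ts - prev_ts) * TICKS_PER_SEC) % WRAP
            if abs(ticks - expected) > slack * TICKS_PER_SEC:
                reboots[dev].append(ts - ticks // TICKS_PER_SEC)
        last[dev] = (ts, ticks)
    return dict(reboots)

def crash_loops(samples, threshold=3, window=900):
    """Return devices with `threshold` reboots inside `window` seconds."""
    flagged = {}
    for dev, boots in find_reboots(samples).items():
        for i in range(len(boots) - threshold + 1):
            if boots[i + threshold - 1] - boots[i] <= window:
                flagged[dev] = boots[i:i + threshold]
                break
    return flagged

if __name__ == "__main__":
    for dev, boots in crash_loops(SAMPLES).items():
        print(f"ALERT {dev}: {len(boots)} reboots, boot times {boots}")
```

A flagged device is a cue to check which hosts reached its TCP port 9100 around the estimated boot times.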
EUVD-2024-54702