Skip to main content

M9l70a Firmware

5 CVEs product

Monthly

CVE-2026-1997 MEDIUM This Month

HP OfficeJet Pro printers (D9l18a, D9l20a, D9l21a, D9l63a firmware) are vulnerable to information disclosure through CORS misconfiguration when administrators enable the feature on the Embedded Web Server. An unauthenticated remote attacker can exploit this to access sensitive device resources from untrusted web origins. CORS remains disabled by default as a mitigation, but organizations that have explicitly enabled it should apply patches when available.

CSRF HP J3p68a Firmware J6x78a Firmware T0g56a Firmware +38
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-1996 MEDIUM This Month

HP OfficeJet Pro printers running affected firmware versions are susceptible to denial of service attacks through malformed Internet Printing Protocol (IPP) requests that prevent proper TCP connection establishment. An unauthenticated remote attacker can trigger this condition to disrupt printer availability, though no patch is currently available to mitigate the vulnerability.

Denial Of Service M9l70a Firmware J6x77a Firmware T0g47a Firmware J6x76a Firmware +13
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2022-28722 CRITICAL Act Now

Certain HP Print Products are potentially vulnerable to Buffer Overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

HP Buffer Overflow P4C78A Firmware P4C85A Firmware T3P03A Firmware +96
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2018-5925 HIGH POC THREAT This Week

A security vulnerability has been identified with certain HP Inkjet printers. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

HP RCE Buffer Overflow T8X44 Firmware 3Aw51A Firmware +268
NVD
CVSS 3.0
7.8
EPSS
10.9%
CVE-2018-5924 CRITICAL Act Now

A security vulnerability has been identified with certain HP Inkjet printers. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

HP Memory Corruption RCE Buffer Overflow T8X44 Firmware +269
NVD
CVSS 3.0
9.8
EPSS
12.2%
EPSS 0% CVSS 5.3
MEDIUM This Month

HP OfficeJet Pro printers (D9l18a, D9l20a, D9l21a, D9l63a firmware) are vulnerable to information disclosure through CORS misconfiguration when administrators enable the feature on the Embedded Web Server. An unauthenticated remote attacker can exploit this to access sensitive device resources from untrusted web origins. CORS remains disabled by default as a mitigation, but organizations that have explicitly enabled it should apply patches when available.

CSRF HP J3p68a Firmware +40
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

HP OfficeJet Pro printers running affected firmware versions are susceptible to denial of service attacks through malformed Internet Printing Protocol (IPP) requests that prevent proper TCP connection establishment. An unauthenticated remote attacker can trigger this condition to disrupt printer availability, though no patch is currently available to mitigate the vulnerability.

Denial Of Service M9l70a Firmware J6x77a Firmware +15
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Certain HP Print Products are potentially vulnerable to Buffer Overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

HP Buffer Overflow P4C78A Firmware +98
NVD
EPSS 11% CVSS 7.8
HIGH POC THREAT This Week

A security vulnerability has been identified with certain HP Inkjet printers. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

HP RCE Buffer Overflow +270
NVD
EPSS 12% CVSS 9.8
CRITICAL Act Now

A security vulnerability has been identified with certain HP Inkjet printers. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

HP Memory Corruption RCE +271
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy