Solved: Critical Security Bulletin - Jan 16 2018 -- Applicability to... - HP Support Community

jclarkw · ‎01-19-2018

Confused about Applicability of "SUPPORT COMMUNICATION- SECURITY BULLETIN" HPSBPI03574 rev. 1:

I just received an email as titled and dated above. When I follow the link, I find a table that lists my printer's model, B5L25A, as affected and directs me to a download site for a critical firmware update. But under my printer nothing is listed more recent than Dec 13, 2017, and even that talks about "FutureSmart," whatever that is.

My printer is on a wired ethernet but does not have wireless capability, and the bulletin appears to apply to "WPA, WPA2 Key Reinstallation Attacks." Is any of this in fact relevant to me? -- jclarkw

sabretooth04 · ‎01-20-2018

OK, let's try this again. Since your printer is connected via LAN cable and the wireless is disabled, this should not be an issue for the printer.

However, the issue is with connected wireless computers to your router(s). This is where you need to focus to see if your router is vulnerable. I checked my TP Link Archer C7 and it is not vulnerable to this issue.

If this printer is in your home connected via LAN or USB, I would not worry about it.

Others with more knowledge may jump in here.

View solution in original post

sabretooth04 · ‎01-20-2018

OK, let's try this again. Since your printer is connected via LAN cable and the wireless is disabled, this should not be an issue for the printer.

However, the issue is with connected wireless computers to your router(s). This is where you need to focus to see if your router is vulnerable. I checked my TP Link Archer C7 and it is not vulnerable to this issue.

If this printer is in your home connected via LAN or USB, I would not worry about it.

Others with more knowledge may jump in here.

jclarkw · ‎01-20-2018

OK, this time it showed up here.

Thanks about the printer. It is on a home wired LAN. I checked its Administration page, and it seems to have no wireless capability. Perhaps I didn't pay for that option?

The other part about checking wireless routers is of more concern. Of course my old D-Link DIR 645 (to which the printer is wired) has wireless turned on (WPA2 PSK), and the last installed firmware update is from August, 2015, but I don't know how to check it for this vulnerability. (I now see that there is another firmware release dated November, 2017, but it just fixes an "Unauthorized Remote Command Execution.")

Not really relevant to this forum, but how did you check your router? -- jclarkw

sabretooth04 · ‎01-20-2018

First, it's not really a big concern for home routers as not too many folks sit outside your house trying to hack your network. Plenty of open networks to hack anywhere else.

I just went to my router manufacturers web page and they had a statement there. Besides, Windows has released a fix for the issue for computers so that will help.

sabretooth04 · ‎01-20-2018

Looks like your router does have a firmware update for this.

http://support.dlink.com/ProductInfo.aspx?m=DIR-645

jclarkw · ‎01-20-2018

I guess you must mean FW1.06.B01 BETA02? The description ("Unauthorized Remote Command Execution") didn't sound relevant, but I had just discovered it after your previous warning and was planning to install it anyhow. Thanks again! -- jclarkw

sabretooth04 · ‎01-20-2018

Yeah pretty much. I downloaded it and it was a firmware .zip file.

Critical Security Bulletin - Jan 16 2018 -- Applicability to M553dn?

Create an account on the HP Community to personalize your profile and ask a question