Researchers have discovered several vulnerabilities affecting at least 150 multi-function (print, scan, fax) printers made by Hewlett Packard. HP has released fixes for the vulnerabilities in the form of firmware updates for two of the most critical flaws on November 1, 2021. The first one (CVE-2021-39237) could lead to potential information disclosure. The second one (CVE-2021-39238) is a buffer overflow vulnerability, which is a lot more severe, having a CVSS score of 9.3. Exploiting it gives threat actors a way to remote code execution.

Source: bleepingcomputer.com