cbcvebase.
CVE-2017-2750
published 2018-01-23

CVE-2017-2750: Insufficient Solution DLL Signature Validation allows potential execution of arbitrary code in HP LaserJet Enterprise printers, HP PageWide Enterprise…

PriorityP260critical9.8CVSS 3.0
AVNACLPRNUINSUCHIHAH
EPSS
10.11%
95.1th percentile
Insufficient Solution DLL Signature Validation allows potential execution of arbitrary code in HP LaserJet Enterprise printers, HP PageWide Enterprise printers, HP LaserJet Managed printers, HP OfficeJet Enterprise printers before 2308937_578479, 2405087_018548, and other firmware versions.

Affected

243 ranges· showing 25
VendorProductVersion rangeFixed in
hpa2w75a_firmware< 2405129_0000542405129_000054
hpa2w75a_firmware< 2308937_5784942308937_578494
hpa2w76a_firmware< 2405129_0000542405129_000054
hpa2w76a_firmware< 2308937_5784942308937_578494
hpa2w77a_firmware< 2405129_0000572405129_000057
hpa2w77a_firmware< 2308937_5784992308937_578499
hpa2w78a_firmware< 2405129_0000572405129_000057
hpa2w78a_firmware< 2308937_5784992308937_578499
hpa2w79a_firmware< 2405129_0000572405129_000057
hpa2w79a_firmware< 2308937_5784992308937_578499
hpb3g84a_firmware< 2405129_0000402405129_000040
hpb3g84a_firmware< 2308937_5784792308937_578479
hpb3g85a_firmware< 2308937_5784792308937_578479
hpb3g85a_firmware< 2405129_0000402405129_000040
hpb3g86a_firmware< 2405129_0000402405129_000040
hpb3g86a_firmware< 2308937_5784792308937_578479
hpb5l04a_firmware< 2405129_0000502405129_000050
hpb5l04a_firmware< 2308937_5784832308937_578483
hpb5l04v_firmware< 2405129_0000502405129_000050
hpb5l04v_firmware< 2308937_5784832308937_578483
hpb5l05a_firmware< 2405129_0000502405129_000050
hpb5l05a_firmware< 2308937_5784832308937_578483
hpb5l05v_firmware< 2405129_0000502405129_000050
hpb5l05v_firmware< 2308937_5784832308937_578483
hpb5l06a_firmware< 2405129_0000502405129_000050

CVSS provenance

nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.