CVE-2023-4694
📋 TL;DR
HP OfficeJet Pro printers are vulnerable to Denial of Service attacks when a SOAP message with a body but no header is sent to TCP port 3911. This vulnerability allows attackers to crash or disrupt printer services, affecting organizations using these specific HP printer models.
💻 Affected Systems
- HP OfficeJet Pro printers
📦 What is this software?
Officejet Pro 8730 D9l19a Firmware by Hp
View all CVEs affecting Officejet Pro 8730 D9l19a Firmware →
Officejet Pro 8730 J7a28a Firmware by Hp
View all CVEs affecting Officejet Pro 8730 J7a28a Firmware →
Officejet Pro 8730 J7a29a Firmware by Hp
View all CVEs affecting Officejet Pro 8730 J7a29a Firmware →
Officejet Pro 8730 J7a31a Firmware by Hp
View all CVEs affecting Officejet Pro 8730 J7a31a Firmware →
Officejet Pro 8730 K7s34a Firmware by Hp
View all CVEs affecting Officejet Pro 8730 K7s34a Firmware →
Officejet Pro 8730 K7s35a Firmware by Hp
View all CVEs affecting Officejet Pro 8730 K7s35a Firmware →
Officejet Pro 8730 K7s36a Firmware by Hp
View all CVEs affecting Officejet Pro 8730 K7s36a Firmware →
Officejet Pro 8730 M9l74a Firmware by Hp
View all CVEs affecting Officejet Pro 8730 M9l74a Firmware →
Officejet Pro 8730 M9l75a Firmware by Hp
View all CVEs affecting Officejet Pro 8730 M9l75a Firmware →
Officejet Pro 8730 M9l76a Firmware by Hp
View all CVEs affecting Officejet Pro 8730 M9l76a Firmware →
⚠️ Risk & Real-World Impact
Worst Case
Printer becomes completely unresponsive, requiring physical power cycle or service intervention to restore functionality, disrupting printing operations.
Likely Case
Temporary service disruption where printer stops responding to network requests until rebooted.
If Mitigated
Minimal impact if printers are behind firewalls with restricted access to port 3911.
🎯 Exploit Status
Exploitation requires sending crafted SOAP message to port 3911, which is trivial for attackers with network access.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Firmware updates - check HP advisory for specific versions
Vendor Advisory: https://support.hp.com/us-en/document/ish_9823639-9823677-16/hpsbpi03894
Restart Required: Yes
Instructions:
1. Visit HP support site 2. Enter printer model 3. Download latest firmware 4. Install via printer web interface or USB 5. Reboot printer
🔧 Temporary Workarounds
Network Segmentation
allRestrict access to printer port 3911 using firewall rules
Port Blocking
allBlock TCP port 3911 at network perimeter
🧯 If You Can't Patch
- Implement network segmentation to isolate printers from untrusted networks
- Monitor for unusual traffic on port 3911 and implement rate limiting
🔍 How to Verify
Check if Vulnerable:
Check printer model against HP advisory list and verify firmware versionCheck Version:
Access printer web interface > Settings > System > Firmware VersionVerify Fix Applied:
Verify firmware version is updated to patched version from HP advisory📡 Detection & Monitoring
Log Indicators:
- Printer service crashes
- Unusual SOAP requests on port 3911
Network Indicators:
- Malformed SOAP packets to port 3911
- Multiple connection attempts to printer port 3911
SIEM Query:
destination_port:3911 AND protocol:TCP AND (packet_size < 100 OR contains(malformed, soap))