CVE-2024-5749
📋 TL;DR
This vulnerability in certain HP DesignJet printers allows attackers to view SMTP server credentials through credential reflection. Attackers could potentially intercept or steal email server authentication details. Organizations using affected HP DesignJet printers with SMTP configuration are at risk.
💻 Affected Systems
- HP DesignJet T650, T650 36-in, T650 42-in, T650 44-in, T650 60-in, T650 24-in, T650 24-in Printer, T650 36-in Printer, T650 42-in Printer, T650 44-in Printer, T650 60-in Printer
⚠️ Risk & Real-World Impact
Worst Case
Attackers gain SMTP server credentials, enabling email spoofing, phishing campaigns, or unauthorized email sending from the organization's infrastructure.
Likely Case
Internal attackers or those with network access capture SMTP credentials, potentially using them for spam campaigns or credential reuse attacks.
If Mitigated
With proper network segmentation and access controls, impact is limited to potential credential exposure, without the ability to use the credentials externally.
🎯 Exploit Status
Credential reflection typically involves simple HTTP requests to vulnerable endpoints that return credentials in responses.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Firmware version 4.7.0.1 or later
Vendor Advisory: https://support.hp.com/us-en/document/ish_11428772-11428805-16/hpsbpi03979
Restart Required: Yes
Instructions:
1. Download firmware 4.7.0.1 or later from HP support site.
2. Upload firmware to printer via web interface or USB.
3. Install firmware update.
4. Reboot printer after installation completes.
🔧 Temporary Workarounds
Disable SMTP Configuration
Remove or disable SMTP server configuration on affected printers
Access printer web interface > Settings > Network > Email > Disable SMTP configuration
Network Segmentation
Isolate printers to separate VLAN with restricted access
🧯 If You Can't Patch
- Disable SMTP functionality on all affected printers
- Implement strict network access controls to limit who can communicate with printer management interfaces
🔍 How to Verify
Check if Vulnerable:
Check the firmware version in the printer web interface: Settings > System > About. If the version is below 4.7.0.1 and SMTP is configured, the printer is vulnerable.
Check Version:
curl -s http://printer-ip/hp/device/this.LCDispatcher | grep -i firmware
Verify Fix Applied:
Confirm firmware version is 4.7.0.1 or later in printer web interface and verify SMTP credentials are no longer exposed in HTTP responses.
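A fleet-wide form of the check above, as an added example (not HP tooling and not part of the advisory): it applies the rule "below 4.7.0.1 and SMTP configured" to an inventory export, comparing versions numerically so that 4.10.0.0 is not misread as older than 4.7.0.1. The CSV columns, host names and sample versions are constructed, and dotted-numeric firmware strings are an assumption.

```python
import csv
import io

FIXED = (4, 7, 0, 1)  # fixed firmware version stated on this page

# Constructed sample inventory; column names and hosts are assumptions.
SAMPLE_INVENTORY = """host,model,firmware,smtp_configured
plotter-01,DesignJet T650 36-in,4.6.0.9,yes
plotter-02,DesignJet T650 24-in,4.7.0.1,yes
plotter-03,DesignJet T650 44-in,4.10.0.0,yes
plotter-04,DesignJet T650 60-in,4.5.2.0,no
plotter-05,DesignJet T650 42-in,unknown,yes
"""


def parse_version(text):
    """Return the version as a tuple of ints, or None if not dotted-numeric."""
    parts = text.strip().split(".")
    if not all(p.isdecimal() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def classify(firmware, smtp_configured):
    """Apply the page's rule: below 4.7.0.1 AND SMTP configured => vulnerable."""
    version = parse_version(firmware)
    if version is None:
        return "review"  # version unreadable; check the device by hand
    # Pad to equal length so "4.7" compares as 4.7.0.0.
    width = max(len(version), len(FIXED))
    version += (0,) * (width - len(version))
    fixed = FIXED + (0,) * (width - len(FIXED))
    if version >= fixed:
        return "patched"
    # Below the fix: exposed only if SMTP credentials are stored.
    return "vulnerable" if smtp_configured else "outdated"


def triage(inventory_csv):
    """Map each host in the inventory CSV to its status."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return {
        r["host"]: classify(r["firmware"], r["smtp_configured"].strip().lower() == "yes")
        for r in rows
    }


if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}\t{status}")
```

Hosts reported as "outdated" are below the fixed version but have no SMTP configuration; they still need the firmware update before SMTP is enabled.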
📡 Detection & Monitoring
Log Indicators:
- Unusual HTTP requests to printer management interfaces
- Multiple failed authentication attempts to printer web interface
Network Indicators:
- HTTP traffic to printer endpoints that typically return credential data
- Unusual outbound SMTP traffic from printer network segment
SIEM Query:
source="printer_logs" AND (uri="*smtp*" OR uri="*credential*" OR uri="*password*")