Some HP LaserJet models may reveal your network data

Network administrators using some models of HP LaserJet networked printers may have to download and install patches from HP soonest, lest their printers leak valuable network data to would-be attackers.

Security researcher Michal Sajdak of Securitum.pl said some networked HP LaserJet printers have hidden URLs hard-coded in the firmware.

"The URLs are not authenticated and can be used to extract admin password in plain text – among other information like Wi-Fi settings (including WPS PIN)," Sajdak said.

Among the models affected are:

Sajdak also noted the passwords stored in the printer are not encrypted and can be extracted "regardless of (the password's) complexity."

Worse, Sadjak said that if a printer is Wi-Fi enabled, "...some Wi-Fi info can be obtained."

Sadjak's blog post indicated HP was notified last April 19, and released the firmware updates on July 26 before Sadjak disclosed the vulnerabilities on Aug. 2. — LBG, GMA News