HP DeskJet All-in-One Devices Buffer Overflow Vulnerability in Web Services for Devices Scanning Protocol Allowing Remote Code Execution

Vulnerability

A buffer overflow vulnerability has been identified in certain HP DeskJet All-in-One devices. This issue may allow remote code execution when Web Services for Devices (WSD) scan requests are improperly validated and managed. WSD is a Microsoft Windows-based protocol that enables PCs to discover scanners and multifunction printers (MFPs) on a network and send scan jobs to them without needing vendor-specific drivers or utilities.

Impact

Exploitation of this vulnerability could lead to remote code execution on the affected device.

Added: Apr 15, 2026, 3:38 PM

Updated: Apr 15, 2026, 3:38 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

4.3

remediation

0.0

relevance

6.0

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

4.3

remediation

0.0

relevance

6.0

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

HP DeskJet All-in-One Devices Buffer Overflow Vulnerability in Web Services for Devices Scanning Protocol Allowing Remote Code Execution

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating