CVE-2020-28416

Name: CVE-2020-28416
Creator: NVD / NIST
Published: 2021-11-03T20:15:08.143+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 7.8/10EPSS 0.37%

Last modified Jun 17, 2026

CVE-2020-28416 is a high-severity vulnerability rated 7.8/10 on the CVSS scale. HP has identified a security vulnerability with the I.R.I.S. OCR (Optical Character Recognition) software available with HP PageWide and OfficeJet printer software installations that could potentially allow unauthorized local code execution.. EPSS estimates a 0.37% chance of exploitation in the next 30 days.

Description

HP has identified a security vulnerability with the I.R.I.S. OCR (Optical Character Recognition) software available with HP PageWide and OfficeJet printer software installations that could potentially allow unauthorized local code execution.

Metrics

CVSS 3.1

7.8/10

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Probability

0.37%

28.4th percentile

Probability of exploitation in the next 30 days. Learn more

Affected Software

Vendor	Product	Versions
Hp	Officejet 4650 E6g87a Firmware	< 40.11.1122
Hp	Officejet 4650 F1h96a Firmware	< 40.11.1122
Hp	Officejet 4650 F1h96b Firmware	< 40.11.1122
Hp	Officejet 4650 F1j03a Firmware	< 40.11.1122
Hp	Officejet 4650 F1j04a Firmware	< 40.11.1122
Hp	Officejet 4650 F9d37a Firmware	< 40.11.1122
Hp	Officejet 4650 K9v77a Firmware	< 40.11.1122
Hp	Officejet 4650 K9v85b Firmware	< 40.11.1122
Hp	Officejet 4651 K9v83b Firmware	< 40.11.1122
Hp	Officejet 4652 F1j02a Firmware	< 40.11.1122
Hp	Officejet 4652 F1j05b Firmware	< 40.11.1122
Hp	Officejet 4652 K9v84b Firmware	< 40.11.1122
Hp	Officejet 4654 F1j06b Firmware	< 40.11.1122
Hp	Officejet 4654 F1j07b Firmware	< 40.11.1122
Hp	Officejet 4654 K9v76a Firmware	< 40.11.1122
Hp	Officejet 4655 F1j00a Firmware	< 40.11.1122
Hp	Officejet 4655 K9v82b Firmware	< 40.11.1122
Hp	Officejet 4656 K9v81b Firmware	< 40.11.1122
Hp	Officejet 4657 V6d27b Firmware	< 40.11.1122
Hp	Officejet 4657 V6d29b Firmware	< 40.11.1122
Hp	Officejet 4658 V6d28b Firmware	< 40.11.1122
Hp	Officejet 4658 V6d30b Firmware	< 40.11.1122
Hp	Officejet Pro 7740 G5j38a Firmware	< 40.12.1161
Hp	Officejet Pro 7745 T1p99a Firmware	< 40.12.1161
Hp	Pagewide Pro 577dw D3q21a Firmware	< 38.9.1948
Hp	Pagewide Pro 577dw D3q21b Firmware	< 38.9.1948
Hp	Pagewide Pro 577dw D3q21c Firmware	< 38.9.1948
Hp	Pagewide Pro 577dw D3q21d Firmware	< 38.9.1948
Hp	Pagewide Pro 477dn D3q19a Firmware	< 38.9.1948
Hp	Pagewide Pro 477dn D3q19b Firmware	< 38.9.1948
Hp	Pagewide Pro 477dn D3q19d Firmware	< 38.9.1948
Hp	Pagewide Pro 477dw D3q20a Firmware	< 38.9.1948
Hp	Pagewide Pro 477dw D3q20b Firmware	< 38.9.1948
Hp	Pagewide Pro 477dw D3q20c Firmware	< 38.9.1948
Hp	Pagewide Pro 477dw D3q20d Firmware	< 38.9.1948
Hp	Pagewide Pro 477dw W2z53b Firmware	< 38.9.1948
Hp	Pagewide 377dw J9v80a Firmware	< 39.6.1999
Hp	Pagewide 377dw J9v80b Firmware	< 39.6.1999
Hp	Pagewide Managed P57750dw 9v82a Firmware	< 39.6.2002
Hp	Pagewide Managed P57750dw J9v82b Firmware	< 39.6.2002
Hp	Pagewide Managed P57750dw J9v82c Firmware	< 39.6.2002
Hp	Pagewide Managed P57750dw J9v82d Firmware	< 39.6.2002
Hp	Pagewide Managed P52750dw J9v78b Firmware	< 39.6.2002
Hp	Officejet Pro 6960 T0g25a Firmware	< 40.11.1150
Hp	Officejet Pro 6960 T0g26a Firmware	< 40.11.1150
Hp	Officejet Pro 6960 J7k33a Firmware	< 40.11.1150
Hp	Officejet Pro 6960 T0f30a Firmware	< 40.11.1150
Hp	Officejet Pro 6960 T0f32a Firmware	< 40.11.1150
Hp	Officejet Pro 6960 T0f38a Firmware	< 40.11.1150
Hp	Officejet Pro 6960 T0f31a Firmware	< 40.11.1150

Showing 50 of 155 affected configurations. See NVD for the full list.

References

https://support.hp.com/us-en/document/c07051163Vendor Advisory
https://support.hp.com/us-en/document/c07051163Vendor Advisory

Timeline

Published: Nov 3, 2021
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2020-28416?

How severe is CVE-2020-28416?

CVE-2020-28416 has a CVSS score of 7.8/10 (HIGH severity). The EPSS model estimates a 0.37% probability of exploitation in the next 30 days.

How do I fix CVE-2020-28416?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2020-28416?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST