The vulnerabilities have been assigned following numbers : CVE-2015-5367 CVE-2015-5368 SSRT101965 The vulnerability listed under CVE-2015-5367 allows a potential attacker to exploit this flaw to obtain the root permission, access the system by connecting the serial port, and view or modify configuration. The upgrade package of the HP lt4112 LTE/HSPA+ Gobi 4G wireless module contains the hash values of the root account and password. An attacker can obtain the password of the root account through reverse cracking. The module provides a debugging serial port at the rear for troubleshooting, opening a way for physical cracking by hackers. The hackers can connect to the serial port of the wireless module, and enter the root account and password to log in to the operating system of the module. While the CVE-2015-5368 allows an attacker to tamper with the upgrade package, leading to an upgrade failure or the upgrade of an incorrect package. As a result, services may become unavailable. This module implements upgrade check using CRC16, which is insecure. Much study is done for reversely cracking this algorithm. Hackers may change or add a code segment to the upgrade file, recalculate a CRC value, and tamper with the firmware of this module through CRC check during upgrade. The vulnerabilities exists in the HP lt4112 LTE/HSPA+ Gobi 4G Module which is used by HP PCs/Laptops and Notebooks to connect the users to 3G/4G/LTE radios. According the the listing, the following HP PCs/Laptops and Notebooks are vulnerable to this flaw : HP EliteBook 725 G2 HP EliteBook 745 G1 HP EliteBook 755 G2 HP EliteBook 820 G1 HP EliteBook 820 G2 HP EliteBook 840 G1 HP EliteBook 840 G2 HP EliteBook 850 G1 HP EliteBook 850 G2 HP EliteBook 1040 G1 HP EliteBook 1040 G2 HP EliteBook Folio 9470m HP EliteBook Revolve 810 G2 HP EliteBook Revolve 810 G3 HP ElitePad 1000 G2 HP Elite x2 1011 G2 HP ProBook 430 G1 HP ProBook 430 G2 HP ProBook 440 G0 HP ProBook 440 G1 HP ProBook 440 G2 HP ProBook 450 G0 HP ProBook 450 G1 HP ProBook 450 G2 HP ProBook 640 G1 HP ProBook 645 G1 HP ProBook 650 G1 HP ProBook 655 G1 HP Pro x2 612 G1 HP Spectre x2 13-SMB Pro HP ZBook 14 HP ZBook 14 G2 HP ZBook 15 HP ZBook 15 G2 HP ZBook 15u HP ZBook 17 HP Zbook 17 G2 mt41 Thin Client Users of above HP products are advised to update their firmware following the below method To acquire the firmware updates, go to hp.com Resource : HP Software Security Response Team