Search criteria
15 vulnerabilities found for laserjet_4250 by hp
FKIE_CVE-2012-5221
Vulnerability from fkie_nvd - Published: 2013-04-29 21:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
Directory traversal vulnerability in the PostScript Interpreter, as used on the HP LaserJet 4xxx, 5200, 90xx, M30xx, M4345, M50xx, M90xx, P3005, and P4xxx; LaserJet Enterprise P3015; Color LaserJet 3xxx, 47xx, 5550, 9500, CM60xx, CP35xx, CP4005, and CP6015; Color LaserJet Enterprise CP4xxx; and 9250c Digital Sender with model-dependent firmware through 52.x allows remote attackers to read arbitrary files via unknown vectors.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hp:color_laserjet_3000:q7534a:*:*:*:*:*:*:*",
"matchCriteriaId": "5F29EB4F-23B6-4875-8205-082A2691C652",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_3800:q5981a:*:*:*:*:*:*:*",
"matchCriteriaId": "84F21488-DCD7-48B9-A8A3-9631B59DB078",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_4700:q7492a:*:*:*:*:*:*:*",
"matchCriteriaId": "CE7F42C9-3C34-4631-949F-CF663D263367",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_4730_mfp:cb480a:*:*:*:*:*:*:*",
"matchCriteriaId": "ED28FCCA-8127-4240-97BC-CBB075B0ABC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_5550:q3714a:*:*:*:*:*:*:*",
"matchCriteriaId": "84B6EFDF-C99F-425C-A90A-2D3E7FF0DEF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_9500_mfp:c8549a:*:*:*:*:*:*:*",
"matchCriteriaId": "83AE0FF2-987B-4649-BB62-7C8264411A0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_cm6030_mfp:ce664a:*:*:*:*:*:*:*",
"matchCriteriaId": "6AA57C0C-3BDB-4142-A6BC-091BDA7DFBFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_cm6040_mfp:q3939a:*:*:*:*:*:*:*",
"matchCriteriaId": "F898C744-5304-4A09-AA2B-FB0807EB0E9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_cp3505:cb442a:*:*:*:*:*:*:*",
"matchCriteriaId": "92C41C33-22A8-40D1-AEE0-30F1AE68ECE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_cp3525:cc469a:*:*:*:*:*:*:*",
"matchCriteriaId": "3C6F8A9C-3CB7-4ED7-A429-B38756C38DF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_cp4005:cb503a:*:*:*:*:*:*:*",
"matchCriteriaId": "CF9C45B9-754F-48F4-9AAB-89F6EAA75DD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_cp6015:q3932a:*:*:*:*:*:*:*",
"matchCriteriaId": "E6401654-D769-4EF0-87BF-75AE3E1B2AC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_enterprise_cp4025:cc490a:*:*:*:*:*:*:*",
"matchCriteriaId": "891EEE00-61A5-4FD5-8EBB-B35B077C8BE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_enterprise_cp4525:cc493a:*:*:*:*:*:*:*",
"matchCriteriaId": "B7F925A9-96FE-4F0D-ADA6-DB7A9690A0C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:digital_sender_9250c:cb472a:*:*:*:*:*:*:*",
"matchCriteriaId": "EAF4BAA8-430F-4448-A454-64FC333E5904",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_4240:q7785a:*:*:*:*:*:*:*",
"matchCriteriaId": "768B6070-68EB-4748-A4D2-7C99FD7A5669",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_4250:q5400a:*:*:*:*:*:*:*",
"matchCriteriaId": "86E90120-D1E4-4569-BCF4-6E2AE0AB04DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_4345_mfp:q3942a:*:*:*:*:*:*:*",
"matchCriteriaId": "FAF59890-654A-4AEE-BF52-93E7AA796046",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_4350:q5407a:*:*:*:*:*:*:*",
"matchCriteriaId": "7F596D16-490E-4950-8A9B-5241906ED5B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_5200l:q7543a:*:*:*:*:*:*:*",
"matchCriteriaId": "D60111B2-DAC6-4FB1-9921-B6550CAAD4C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_5200n:q7543a:*:*:*:*:*:*:*",
"matchCriteriaId": "82F8D5DE-1D66-4F1E-B273-233814F0CC99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_9040:q7697a:*:*:*:*:*:*:*",
"matchCriteriaId": "D40FF37E-F95A-429D-BC5B-F48D7C47C88D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_9040_mfp:q3721a:*:*:*:*:*:*:*",
"matchCriteriaId": "162B0C2C-8C9C-467D-A309-8DDA7CE72B63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_9050:q7697a:*:*:*:*:*:*:*",
"matchCriteriaId": "660788B3-D2B6-4118-B443-9DE177FBE156",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_9050_mfp:q3721a:*:*:*:*:*:*:*",
"matchCriteriaId": "69E39058-9565-4C1B-BB71-553ECB274216",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_enterprise_p3015:ce526a:*:*:*:*:*:*:*",
"matchCriteriaId": "33ABE7DA-88CD-468B-9285-FE1509BA7D68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_m3027_mfp:cb416a:*:*:*:*:*:*:*",
"matchCriteriaId": "BD3A0981-F09D-47B4-B441-3497291A9413",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_m3035_mfp:cb414a:*:*:*:*:*:*:*",
"matchCriteriaId": "008B528D-EBA7-4CC5-8E2F-F68D78222E45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_m3035_mfp:cc519a:*:*:*:*:*:*:*",
"matchCriteriaId": "AA629824-72AF-40A5-8427-F5AFDE3AEBC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_m4345_mfp:cb425a:*:*:*:*:*:*:*",
"matchCriteriaId": "D94328FB-B382-4231-8A4E-32C9AE7B8D33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_m5025_mfp:q7840a:*:*:*:*:*:*:*",
"matchCriteriaId": "331317DD-0827-45B0-B2B9-A3713B3AA767",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_m5035_mfp:q7829a:*:*:*:*:*:*:*",
"matchCriteriaId": "AC132570-AB09-41CE-A3CF-755C9791171F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_m9040_mpf:cc394a:*:*:*:*:*:*:*",
"matchCriteriaId": "EBB5A6D2-CFE3-4F7C-BD24-024D37836A65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_m9050_mpf:cc395a:*:*:*:*:*:*:*",
"matchCriteriaId": "E82E7BE5-3B46-47C2-A560-7C11CD8B361A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_p3005:q7812a:*:*:*:*:*:*:*",
"matchCriteriaId": "98B48314-2048-4856-80DA-EA08466EF53C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_p4014:cb507a:*:*:*:*:*:*:*",
"matchCriteriaId": "3D5FE9B2-99DD-4A4F-8914-B1DC6EA3B6C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_p4015:cb509a:*:*:*:*:*:*:*",
"matchCriteriaId": "F95EFE75-1428-4461-9062-56952EB96D32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_p4515:cb514a:*:*:*:*:*:*:*",
"matchCriteriaId": "EACC9283-F37A-426B-9AD9-05B2F8D6325D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the PostScript Interpreter, as used on the HP LaserJet 4xxx, 5200, 90xx, M30xx, M4345, M50xx, M90xx, P3005, and P4xxx; LaserJet Enterprise P3015; Color LaserJet 3xxx, 47xx, 5550, 9500, CM60xx, CP35xx, CP4005, and CP6015; Color LaserJet Enterprise CP4xxx; and 9250c Digital Sender with model-dependent firmware through 52.x allows remote attackers to read arbitrary files via unknown vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en el HP LaserJet 4xxx, 5200, 90xx, M30xx, M4345, M50xx, M90xx, P3005 y P4xxx; LaserJet Enterprise P3015; 3xxx Color LaserJet, 47xx, 5550, 9500, CM60xx, CP35xx, CP4005 y CP6015, Color LaserJet Enterprise CP4xxx y digital Sender 9250c con firmware hasta la version v52.x permite a atacantes remotos leer archivos de su elecci\u00f3n a trav\u00e9s de vectores desconocidos."
}
],
"id": "CVE-2012-5221",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-04-29T21:55:00.997",
"references": [
{
"source": "hp-security-alert@hp.com",
"url": "http://www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/idefense/public-vulnerability-reports/articles/index.xhtml?id=1023"
},
{
"source": "hp-security-alert@hp.com",
"tags": [
"Vendor Advisory"
],
"url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03744742"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/idefense/public-vulnerability-reports/articles/index.xhtml?id=1023"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03744742"
}
],
"sourceIdentifier": "hp-security-alert@hp.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2011-4161
Vulnerability from fkie_nvd - Published: 2011-12-01 21:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
The default configuration of the HP CM8060 Color MFP with Edgeline; Color LaserJet 3xxx, 4xxx, 5550, 9500, CMxxxx, CPxxxx, and Enterprise CPxxxx; Digital Sender 9200c and 9250c; LaserJet 4xxx, 5200, 90xx, Mxxxx, and Pxxxx; and LaserJet Enterprise 500 color M551, 600, M4555 MFP, and P3015 enables the Remote Firmware Update (RFU) setting, which allows remote attackers to execute arbitrary code by using a session on TCP port 9100 to upload a crafted firmware update.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hp:color_laserjet_3000:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2D7A20B7-2150-451C-A552-B1C6AE738B84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_3800:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FBE90FAC-3E5E-482B-B948-2C973E0861AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_4700:*:*:*:*:*:*:*:*",
"matchCriteriaId": "627B437F-2941-4689-A3D0-E0037D9CB053",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_4730:mfp:*:*:*:*:*:*:*",
"matchCriteriaId": "1E6F162B-7175-452D-8D50-AC0FB87FBBAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_4730_mfp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "12F0604C-781B-4E69-A88E-C25492CB163C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_5550:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1218222B-AC9B-430D-8948-D72F72293B38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_9500:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7C77E2D0-34F7-4940-AC33-47E405006890",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_cm3530:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AE23783E-399C-431E-802D-68D496913A44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_cm4540:mfp:*:*:*:*:*:*:*",
"matchCriteriaId": "A0221E32-2EA3-4652-AFEB-0F55B9D6F7BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_cm4730:mfp:*:*:*:*:*:*:*",
"matchCriteriaId": "DFF6E37F-35A2-4EDD-B978-18BC51E1AFED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_cm6030:*:*:*:*:*:*:*:*",
"matchCriteriaId": "29A8A052-C159-4257-85A7-9B7EC678AAE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_cm6040:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3B84958A-FB55-44B7-9109-B35DFDDC3DC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_cp3505:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B67E71C7-6B28-4326-AFC9-8CA09532C286",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_cp3525:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7858A3E0-837A-4A10-9D70-99B751EEF279",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_cp4005:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FFD2C1D0-86E9-425D-AA7D-0F8413A13166",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_cp5525:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5DAA6A25-CF6E-44FF-98EB-80CEFFB2EA01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_cp6015:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5994179E-E492-45D8-95F8-790160D9A0BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_enterprise_cp4520:*:*:*:*:*:*:*:*",
"matchCriteriaId": "276340C4-D4DB-4260-B424-769AB9E0CB7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_enterprise_cp4525:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8652F3C8-D34A-4AE4-B2F0-31D636116F75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_mfp_cm8060:-:-:edgeline:*:*:*:*:*",
"matchCriteriaId": "E8D50F7A-2290-49A1-AB7B-F1FCD5035599",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:digital_sender_9200c:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7E0408E2-B242-4697-B784-2B4B6C1EE828",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:digital_sender_9250c:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1ABAE0CD-0994-4D4D-9D9D-A50898C8C1DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_4240:*:*:*:*:*:*:*:*",
"matchCriteriaId": "23DD9E6F-1F64-4643-B8E5-B3CAB5F961B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_4250:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F315232A-2DBB-4BE6-AB1E-0CCB327E19E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_4345_mfp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9ADF801E-6D02-4CDF-AA6F-9F272D341E1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_4350:*:*:*:*:*:*:*:*",
"matchCriteriaId": "850BE715-BC0F-4873-9A72-6AED6259FF22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_5200:*:*:*:*:*:*:*:*",
"matchCriteriaId": "977F2612-D1DE-4EAD-99ED-CF6FFD1D5B2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_9040:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B2D74F55-65F6-4328-B553-2756A75B777E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_9050:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6F1FEDCF-C604-49B3-B748-03BE3193792E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_enterprise_500_color:m551:*:*:*:*:*:*:*",
"matchCriteriaId": "DDDB4B85-F5CD-45DC-A5ED-C4C9F4E6FF4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_enterprise_600:m601:*:*:*:*:*:*:*",
"matchCriteriaId": "7C4AF24A-E25B-4A2F-B7B7-67E15AAF9B30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_enterprise_600:m602:*:*:*:*:*:*:*",
"matchCriteriaId": "305480EC-1C47-4B8A-8568-7CE4C617A319",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_enterprise_600:m603:*:*:*:*:*:*:*",
"matchCriteriaId": "0FFE81AF-91B0-40AE-9CF9-3820751AA9D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_enterprise_m4555:mfp:*:*:*:*:*:*:*",
"matchCriteriaId": "1EB666B7-0A2E-4256-BBD0-817617F01425",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_enterprise_p3015:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ECEABADC-F719-48BF-9C28-92E09A506681",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_m3035:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8B2A2D06-9C06-4001-B3ED-85C28846C8A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_m5035:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C7FD4993-FD92-4D35-AD8D-099B76436CEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_m9040:*:*:*:*:*:*:*:*",
"matchCriteriaId": "029D54F1-1849-45AB-9DD4-7768197516B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_m9050:*:*:*:*:*:*:*:*",
"matchCriteriaId": "45B98C71-FF30-44D9-904E-61676C4313F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_p3005:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1BED71C7-C0A7-4934-9930-1EC7C5A96584",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_p4014:*:*:*:*:*:*:*:*",
"matchCriteriaId": "222D062D-1F47-4E21-9173-A5AFEEF66482",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_p4015:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6CFBC095-00B6-48D7-AC0A-C172DD3A550B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_p4515:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9A71AB74-7F6B-4B0F-8C52-F12187A6788A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The default configuration of the HP CM8060 Color MFP with Edgeline; Color LaserJet 3xxx, 4xxx, 5550, 9500, CMxxxx, CPxxxx, and Enterprise CPxxxx; Digital Sender 9200c and 9250c; LaserJet 4xxx, 5200, 90xx, Mxxxx, and Pxxxx; and LaserJet Enterprise 500 color M551, 600, M4555 MFP, and P3015 enables the Remote Firmware Update (RFU) setting, which allows remote attackers to execute arbitrary code by using a session on TCP port 9100 to upload a crafted firmware update."
},
{
"lang": "es",
"value": "La configuraci\u00f3n por defecto de la impresora HP CM8060 Color MFP con Edgeline, y las impresoras HP Color 3xxx, 4xxx, 5550, 9500, CMxxxx, CPxxxx y Enterprise CPxxxx; las Digital Sender 9200c y 9250c; LaserJet 4xxx, 5200, 90XX, Mxxxx y Pxxxx y LaserJet Enterprise 500 color M551, 600, M4555 MFP, y P3015 permite la actualizaci\u00f3n remota del firmware (RFU), lo que permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante la apertura de una sesi\u00f3n en el puerto TCP 9100 para subir una actualizaci\u00f3n de firmware dise\u00f1ada por el atacante."
}
],
"id": "CVE-2011-4161",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-12-01T21:55:00.707",
"references": [
{
"source": "hp-security-alert@hp.com",
"tags": [
"Vendor Advisory"
],
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03102449"
},
{
"source": "hp-security-alert@hp.com",
"url": "http://isc.sans.org/diary/Hacking+HP+Printers+for+Fun+and+Profit/12112"
},
{
"source": "hp-security-alert@hp.com",
"url": "http://redtape.msnbc.msn.com/_news/2011/11/29/9076395-exclusive-millions-of-printers-open-to-devastating-hack-attack-researchers-say"
},
{
"source": "hp-security-alert@hp.com",
"url": "http://secunia.com/advisories/47063"
},
{
"source": "hp-security-alert@hp.com",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/717921"
},
{
"source": "hp-security-alert@hp.com",
"url": "http://www.securityfocus.com/bid/51324"
},
{
"source": "hp-security-alert@hp.com",
"url": "http://www.securitytracker.com/id?1026357"
},
{
"source": "hp-security-alert@hp.com",
"url": "https://lists.immunityinc.com/pipermail/dailydave/2011-November/000378.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03102449"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://isc.sans.org/diary/Hacking+HP+Printers+for+Fun+and+Profit/12112"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://redtape.msnbc.msn.com/_news/2011/11/29/9076395-exclusive-millions-of-printers-open-to-devastating-hack-attack-researchers-say"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/47063"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/717921"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/51324"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1026357"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.immunityinc.com/pipermail/dailydave/2011-November/000378.html"
}
],
"sourceIdentifier": "hp-security-alert@hp.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2009-0940
Vulnerability from fkie_nvd - Published: 2009-03-18 21:00 - Updated: 2025-04-09 00:30
Severity ?
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in the HP Embedded Web Server (EWS) on HP LaserJet Printers, Edgeline Printers, and Digital Senders allow remote attackers to hijack the intranet connectivity of arbitrary users for requests that (1) print documents via unknown vectors, (2) modify the network configuration via a NetIPChange request to hp/device/config_result_YesNo.html/config, or (3) change the password via the Password and ConfirmPassword parameters to hp/device/set_config_password.html/config.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hp:8100c_digital_sender:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4F186CB2-E079-4F2B-943F-EB8F9638C717",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:9100c_digital_sender:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F9F8D755-0208-4081-99A2-00B0779AB285",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:9200c_digital_sender:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7F76374-8890-47D1-AD4D-B8951B08A351",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:9250c_digital_sender:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EED8DFB7-447D-44BE-98EF-587F6A82D521",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2938ACA1-A6FA-47CD-AB05-7CF9095C7850",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_1500:*:*:*:*:*:*:*:*",
"matchCriteriaId": "91EBCE22-6268-4083-A045-0D05F7110384",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_2500:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C2E92501-3E8C-4E61-9B65-87A7344747E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_2500l:*:*:*:*:*:*:*:*",
"matchCriteriaId": "16651605-4616-44F8-8401-8DD057932BBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_2500lse:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8ADB9132-CEF5-47A0-AC21-BE6B7F89B166",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_2500n:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CEB99C79-1DB4-4545-8457-515B1F9F484B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_2500tn:*:*:*:*:*:*:*:*",
"matchCriteriaId": "95B58AD8-F848-4286-8AB4-A8EA0372D5D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_2605dtn:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EAB5C6FD-9280-451B-ACF3-2C3AFC50BA88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_4370mfp:20081211_46.211.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3F7CF651-DB8F-4748-8E87-1C0173657400",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_4600:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A6A133B7-AEA8-4F26-8632-2CEDE9EBB66E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_4600dn:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9E71E717-E71F-495E-9D86-794BF8A094D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_4600dtn:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A8881544-2C06-41F2-9569-C3DCEB8F175B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_4600hdn:*:*:*:*:*:*:*:*",
"matchCriteriaId": "13BD8FA5-17EC-4850-9970-9F472E4BE809",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_4650:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6F03F783-0CFE-488A-A392-2866D56E5E6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_4700:*:*:*:*:*:*:*:*",
"matchCriteriaId": "627B437F-2941-4689-A3D0-E0037D9CB053",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_4730_mfp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "12F0604C-781B-4E69-A88E-C25492CB163C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_5500:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FBE52C54-2BF9-473A-8749-FEA31A2DEAFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_5550:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1218222B-AC9B-430D-8948-D72F72293B38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_8500:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F5F3C900-81E1-467C-8D70-E70CADF484CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_8550:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DD4DED7B-DDA5-4302-923F-95258C52CF52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_9500:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7C77E2D0-34F7-4940-AC33-47E405006890",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_9500_mfp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A5A3DFCD-E5C1-4997-95D4-9DF50FE1EAAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_9500mfp:20070719_05.011.2:*:*:*:*:*:*:*",
"matchCriteriaId": "99FD2715-0ECB-42B9-8967-D8C80DEAC5C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_mfp_cm8050:-:-:edgeline:*:*:*:*:*",
"matchCriteriaId": "8E40ABF2-0485-47DB-92FE-FC8F630F15B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_mfp_cm8060:-:-:edgeline:*:*:*:*:*",
"matchCriteriaId": "E8D50F7A-2290-49A1-AB7B-F1FCD5035599",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:digital_senders:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7F654546-9F2E-4B1B-AAF6-54D799317C92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:edgeline_printers:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4A17E5A0-9342-49BD-BBD7-E8A90FC42EC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_1000:*:*:*:*:*:*:*:*",
"matchCriteriaId": "322C9A6C-C3A6-4058-861C-882B68443744",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_1005:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DA365AAC-C67A-43FE-A419-E3B5B0BAEA0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_1010:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7AB27B7D-AAC8-4FEC-98C4-FC613E9CA36F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_1012:*:*:*:*:*:*:*:*",
"matchCriteriaId": "581AB2AA-1731-4142-822A-5F40DFA2C34F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_1015:*:*:*:*:*:*:*:*",
"matchCriteriaId": "07DCE831-3508-4059-9579-91DA526902B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_1018:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4F27B109-9BCA-4D72-A21C-B6D70F1AD7A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_1018s:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CAF6A641-E205-4290-97E2-34A3B3E9672C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_1020:*:*:*:*:*:*:*:*",
"matchCriteriaId": "24FD0F5B-F181-46AC-BE66-642E4CD60FAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_1020_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "07B0A4A9-60C2-4CEC-B531-50C086173DB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_1022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B05D9690-22E6-4E89-A5A7-42B28BD043DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_1022n:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3CCA67FA-E8B9-4D9E-B0F3-58B0A1B183B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_1022nw:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0C09FB44-FFEE-4AB0-A2E0-C470F20733EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_1100:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A25D1906-E45D-465B-B481-8C9B88FF37ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_1150:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E25BDF8F-F1B9-4A3E-A220-E72B306CF21C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_1160:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E04FA759-550C-4C08-BBF3-1B8F512DEBB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_1200:*:*:*:*:*:*:*:*",
"matchCriteriaId": "49D562B5-09B6-4D0E-9816-4DC9C193FCBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_1300:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3BB12831-81B7-4B6E-9D80-259A474F38E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_1320:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0645FD3F-1F42-4355-8430-D2B3F8740A2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "52D3D3A6-7594-4306-A7C1-997328468C39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_2000:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CB3C0E33-D115-4BCB-818E-92E5655AB8EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_2100:*:*:*:*:*:*:*:*",
"matchCriteriaId": "224C6B7D-DEAF-4B0D-93BA-BC5BF9517009",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_2200:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C69367D0-1B9A-4615-9F4A-2F76596BA8EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_2200dtn:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A842F761-7AC1-4FE6-9D8E-D4E812971371",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_2300:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CB3BC003-8116-475C-8816-DCD46E0184DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_2300dn:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9E8A93AE-C3A9-4714-A6FB-C855C9F439C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_2400:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A89A6F96-4A4A-4877-8E95-700CBAE663CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_2410:20070410_08.112.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1B34898C-6B9F-4DEF-9D9E-B7BA52F95A85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_2420:20070410_08.112.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3029F65D-88C0-4BC4-91D6-594474F022B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_2430:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F804968D-0241-4C20-BAAC-684BA46B67F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_2430:20070410_08.112.3:*:*:*:*:*:*:*",
"matchCriteriaId": "02BB1543-E25E-4F77-8F53-ADC38FE3B81D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_2500:*:*:*:*:*:*:*:*",
"matchCriteriaId": "71F75D41-DFB3-4FD2-A883-BBA8964D84D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_2500c:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EB83B8ED-0A0A-45C2-9A4F-BF85F97C114E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_2600c:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B0F0E663-70A4-405C-B37E-60E24DDC6383",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_2600n:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A10474D2-F8D9-40B8-8E19-4741BDA55A6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_3000:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4042B85B-8BA8-49C8-8C72-ED4B12D10C0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_3700:*:*:*:*:*:*:*:*",
"matchCriteriaId": "17CE1760-B9BD-4002-BA5C-0AFC4A2FBFE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_4:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A7EBF17F-331F-42D1-AC33-C5F60FF1C865",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_4\\/4m:*:*:*:*:*:*:*:*",
"matchCriteriaId": "96CB43B7-7CA2-4B8A-98D9-377F615F61E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_4_plus\\/m_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F8DBBC2B-C054-46AD-9ABD-249216ED513F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_4000:*:*:*:*:*:*:*:*",
"matchCriteriaId": "659DFCA6-CF7D-4982-913B-6BF1B3DC5F5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_4000n:*:*:*:*:*:*:*:*",
"matchCriteriaId": "02138F3E-4F3C-4607-BBB1-98D09B3C7F41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_4050:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5FE6DC20-0757-4CF8-AB85-265C5264630F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_4100:*:*:*:*:*:*:*:*",
"matchCriteriaId": "549105CC-BA47-4C39-8B8A-9CAC39266B30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_4100_mfp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FE20791A-6CDA-46D0-8149-82F7D21662BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_4100mfp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "75525D7F-A881-4199-B44D-8E2D1B4809FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_4200:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4993667F-9DE8-4DC9-90B1-A6D3AB6BFB0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_4200dtn:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1ED01DD0-7485-48E8-96E1-598DA0981525",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_4200ln:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E1BCFB30-7322-4ABE-9529-CC10DA54F752",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_4240:*:*:*:*:*:*:*:*",
"matchCriteriaId": "23DD9E6F-1F64-4643-B8E5-B3CAB5F961B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_4240n:*:*:*:*:*:*:*:*",
"matchCriteriaId": "42459D1C-B860-4622-BA74-C6AF5446D644",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_4250:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F315232A-2DBB-4BE6-AB1E-0CCB327E19E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_4250:20080319_08.015.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D180CB2E-F05A-4B9C-837B-605A00086A82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_4300:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3B4B141B-3358-469D-8331-88C5924763EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_4345_mfp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9ADF801E-6D02-4CDF-AA6F-9F272D341E1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_4345mfp:20081211_09.131.1:*:*:*:*:*:*:*",
"matchCriteriaId": "27CB3F95-8653-4CDB-BD81-53CA6D126512",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_4350:*:*:*:*:*:*:*:*",
"matchCriteriaId": "850BE715-BC0F-4873-9A72-6AED6259FF22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_4350:20080319_08.015.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2B03FD53-A1CA-4BD4-A87A-520D9782CEE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_4350dtn:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ECA83D8E-3D70-4021-B9FD-F97BC8C92039",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_4650dn:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2681DAAE-9DD4-4F25-B947-C676F868B854",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_4l\\/ml:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7085C4E6-A34F-49E6-99EE-547861A25098",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_4m_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1B0F639A-C9F6-41E4-83BD-8097659ABEDE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_4p\\/mp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5B67CAF7-6CDC-4074-BE55-2D898F1CF3EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_4si:*:*:*:*:*:*:*:*",
"matchCriteriaId": "31DD8C9E-1738-456D-A22C-CB0C760E3712",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_4v\\/mv:*:*:*:*:*:*:*:*",
"matchCriteriaId": "05A010D1-588F-4EC5-9BE2-ADA22D399D5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_5:*:*:*:*:*:*:*:*",
"matchCriteriaId": "93BAAE8B-718E-4C6D-BAED-3F435D1C66A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_5\\/m\\/n:*:*:*:*:*:*:*:*",
"matchCriteriaId": "26BD8388-3357-435C-8430-9D6CFE52D65A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_500_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3F132B58-AF99-4E26-BEFB-C970AC9FCBB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_5000:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3D220CD8-FB19-424D-B223-101098BE9088",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_5000:r.25.15:*:*:*:*:*:*:*",
"matchCriteriaId": "157C92C4-2217-4A53-B70D-16D2171E7ACE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_5000:r.25.47:*:*:*:*:*:*:*",
"matchCriteriaId": "776C077B-32E5-45AD-866C-9C7FBEDF9631",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_5100:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BC0F236F-7EC3-440B-8FF4-362729EF0807",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_5100:v.29.12:*:*:*:*:*:*:*",
"matchCriteriaId": "D29E506F-B2B1-466C-9DAA-C8DFB643F036",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_5100dtn:*:*:*:*:*:*:*:*",
"matchCriteriaId": "99A1E2E0-6832-4DE2-B793-BC8B2F3BF431",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_5200:*:*:*:*:*:*:*:*",
"matchCriteriaId": "977F2612-D1DE-4EAD-99ED-CF6FFD1D5B2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_5l:*:*:*:*:*:*:*:*",
"matchCriteriaId": "212422DE-F76F-4418-89E5-B3826047A852",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_5m:*:*:*:*:*:*:*:*",
"matchCriteriaId": "78907BCD-E0C8-44A0-85B7-0B5148AA8AD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_5p\\/mp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "76199C42-EF30-4F0B-9D7E-5C546001888E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_5si:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8E8D6D65-3CA2-41E8-A8F8-B7C7BC24F962",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_8000:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1072358B-3C6C-45EB-83B0-22833A96741A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_8100:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4EC8DA70-8669-4522-BEF7-C4595E142467",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_8150:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F94DFDFD-0CEA-4EC5-8E7D-0548DCAE5563",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_8150dn:*:*:*:*:*:*:*:*",
"matchCriteriaId": "24852945-2734-468C-8DC7-5C9EBF2301FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_9000:*:*:*:*:*:*:*:*",
"matchCriteriaId": "54C64CAE-6CC4-4B92-9364-F982CDF47F99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_9000_mfp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F0E00FE-F3DB-45C2-81AE-D7189559BD42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_9000mfp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "81556F50-ED68-4774-A208-E16286BC2F0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_9040:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B2D74F55-65F6-4328-B553-2756A75B777E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_9040:20080204_08.110.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2BA65ABF-3241-48B5-B89A-031B09B8C129",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_9040mfp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FDEA0FE9-F42F-4ECC-92E4-E404545CB0CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_9040mfp:20080204_08.110.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A03C331E-BCF9-4226-ACB5-4CA4C85847F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_9050:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6F1FEDCF-C604-49B3-B748-03BE3193792E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_9050:20080204_08.110.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D06ADE7A-F615-475F-A6FB-977D51C8BD3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_9050_mfp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9FDA57B8-2AD5-45EF-9824-E60EBFF71D86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_9050mfp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4F2623A6-2DA1-4877-A5D8-3C9001FDC648",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_9050mfp:20080204_08.110.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3919FF01-7E93-4F35-826D-542DFD6E85B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_9055:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7381DEDB-71A9-4882-B9DA-AFDC31D907C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_9065:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F48F4812-7441-428B-B44A-E85AC64330D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_9500:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9755F699-E5F7-424C-B84A-119E19A1E413",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_9500mfp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A4B8D80A-5E64-4ADD-98F7-2CD913EF151B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_ii:*:*:*:*:*:*:*:*",
"matchCriteriaId": "502E0F4F-8103-431C-BDCD-07FAA44DB035",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_iid:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8F17C5B7-FFE3-4FE6-A4AD-3EABCF9FCE97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_iii:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1F0EC84F-57BB-44D0-A05D-67AE5CD6652B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_iiid:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B5DA3E91-824D-4167-9990-8CED8E247DBC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_iiip:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B46B3AA1-0D4D-418B-A36B-2B38F642F798",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_iiisi:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AB5EE77A-D014-4366-8D5B-251D09CC2DFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_iip:*:*:*:*:*:*:*:*",
"matchCriteriaId": "040C7DA9-9FF6-4772-82D4-2ED2BE01D8C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_iip_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BD91F67B-C52F-4AED-8E02-B955F495BD8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_m1522n_mfp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CF8D0A1B-4F76-4403-B18E-464C33169CC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_m3027_mfp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CE95CC32-07DA-473D-BDAC-347B137E582A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_m3035_mfp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CEC3DE1F-AA79-4FE8-B634-368BDF14C0B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_m4345_mfp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "34E2ECB0-2335-4ABD-8326-CF935E8C4C78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_m5025_mfp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "55C69873-A989-4B66-8D28-67A260EC7A4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_m5035_mfp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CEEA9582-8E01-41D3-A4D0-FA7BB2C98CC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_p1000:*:*:*:*:*:*:*:*",
"matchCriteriaId": "46628FAF-9819-4A6F-93BD-39E0650930E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_p1005:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D8C243A3-FA2C-414D-9530-CF50E65A6D78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_p1006:*:*:*:*:*:*:*:*",
"matchCriteriaId": "169C56AB-5565-4A4A-B298-B1FAC40D23CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_p1007:*:*:*:*:*:*:*:*",
"matchCriteriaId": "931B6ACB-81B3-4406-834B-DFA85FC8871A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_p1008:*:*:*:*:*:*:*:*",
"matchCriteriaId": "641D5E03-1FCD-4404-A37B-586262DCF863",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_p1009:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8F8AA6A9-855C-436C-AE9D-217598516DE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_p1500:*:*:*:*:*:*:*:*",
"matchCriteriaId": "69DEDFF4-B9B1-4B31-BE32-1E44C19A5D80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_p1505:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B8C4D0A5-B51C-4122-8BB7-705474A1E709",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_p1505n:*:*:*:*:*:*:*:*",
"matchCriteriaId": "049D53B4-920A-4BFC-A007-1DF3648C37A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_p2000:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3AE3B2A8-ABE6-464B-B9E2-E1122EDEA3B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_p2010:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2F52C858-CFB9-4CE0-9C3C-3672F03B1850",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_p2015:*:*:*:*:*:*:*:*",
"matchCriteriaId": "218E5994-4BF9-4B5F-ABAE-0AB85495B8C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_p2030:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B2FCB0F1-6395-4B9E-99C6-9C919C62EB9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_p2050:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9BF93B01-EEEE-4ACF-B7C0-55F17996543E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_p3000:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CF6E5576-6764-4534-A405-67B01F4018FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_p3005:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1BED71C7-C0A7-4934-9930-1EC7C5A96584",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_p4010:*:*:*:*:*:*:*:*",
"matchCriteriaId": "612ACC73-A274-46B1-AEC6-9EBAF1E38D73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_p4014:*:*:*:*:*:*:*:*",
"matchCriteriaId": "222D062D-1F47-4E21-9173-A5AFEEF66482",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_p4015:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6CFBC095-00B6-48D7-AC0A-C172DD3A550B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_p4500:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D468AA7E-BA93-4523-B6AA-B542E714A17F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_p4510:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D87FDEEF-E459-4C0E-AA61-6DE9E2D73234",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the HP Embedded Web Server (EWS) on HP LaserJet Printers, Edgeline Printers, and Digital Senders allow remote attackers to hijack the intranet connectivity of arbitrary users for requests that (1) print documents via unknown vectors, (2) modify the network configuration via a NetIPChange request to hp/device/config_result_YesNo.html/config, or (3) change the password via the Password and ConfirmPassword parameters to hp/device/set_config_password.html/config."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de falsificaci\u00f3n de petici\u00f3n en sitios cruzados (CSRF) en HP Embedded Web Server (EWS) on HP LaserJet Printers, Edgeline Printers, and Digital Senders, permiten a atacantes remotos (1) imprimir documentos mediante vectores desconocidos, (2) modificar la configuraci\u00f3n de red mediante una petici\u00f3n NetIPChange a hp/device/config_result_YesNo.html/config o (3) cambiar la contrase\u00f1a mediante los par\u00e1metros Password y ConfirmPassword a hp/device/set_config_password.html/config."
}
],
"id": "CVE-2009-0940",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-03-18T21:00:00.377",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01684566"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/52847"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/52848"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/52849"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.louhinetworks.fi/advisory/HP_20090317.txt"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/501884/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/34143"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2009/0754"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01684566"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/52847"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/52848"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/52849"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.louhinetworks.fi/advisory/HP_20090317.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/501884/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/34143"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2009/0754"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2009-0941
Vulnerability from fkie_nvd - Published: 2009-03-18 21:00 - Updated: 2025-04-09 00:30
Severity ?
Summary
The HP Embedded Web Server (EWS) on HP LaserJet Printers, Edgeline Printers, and Digital Senders has no management password by default, which makes it easier for remote attackers to obtain access.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hp:8100c_digital_sender:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4F186CB2-E079-4F2B-943F-EB8F9638C717",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:9100c_digital_sender:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F9F8D755-0208-4081-99A2-00B0779AB285",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:9200c_digital_sender:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7F76374-8890-47D1-AD4D-B8951B08A351",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:9250c_digital_sender:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EED8DFB7-447D-44BE-98EF-587F6A82D521",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2938ACA1-A6FA-47CD-AB05-7CF9095C7850",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_1500:*:*:*:*:*:*:*:*",
"matchCriteriaId": "91EBCE22-6268-4083-A045-0D05F7110384",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_2500:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C2E92501-3E8C-4E61-9B65-87A7344747E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_2500l:*:*:*:*:*:*:*:*",
"matchCriteriaId": "16651605-4616-44F8-8401-8DD057932BBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_2500lse:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8ADB9132-CEF5-47A0-AC21-BE6B7F89B166",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_2500n:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CEB99C79-1DB4-4545-8457-515B1F9F484B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_2500tn:*:*:*:*:*:*:*:*",
"matchCriteriaId": "95B58AD8-F848-4286-8AB4-A8EA0372D5D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_2605dtn:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EAB5C6FD-9280-451B-ACF3-2C3AFC50BA88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_4370mfp:20081211_46.211.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3F7CF651-DB8F-4748-8E87-1C0173657400",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_4600:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A6A133B7-AEA8-4F26-8632-2CEDE9EBB66E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_4600dn:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9E71E717-E71F-495E-9D86-794BF8A094D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_4600dtn:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A8881544-2C06-41F2-9569-C3DCEB8F175B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_4600hdn:*:*:*:*:*:*:*:*",
"matchCriteriaId": "13BD8FA5-17EC-4850-9970-9F472E4BE809",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_4650:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6F03F783-0CFE-488A-A392-2866D56E5E6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_4700:*:*:*:*:*:*:*:*",
"matchCriteriaId": "627B437F-2941-4689-A3D0-E0037D9CB053",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_4730_mfp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "12F0604C-781B-4E69-A88E-C25492CB163C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_5500:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FBE52C54-2BF9-473A-8749-FEA31A2DEAFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_5550:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1218222B-AC9B-430D-8948-D72F72293B38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_8500:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F5F3C900-81E1-467C-8D70-E70CADF484CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_8550:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DD4DED7B-DDA5-4302-923F-95258C52CF52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_9500:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7C77E2D0-34F7-4940-AC33-47E405006890",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_9500_mfp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A5A3DFCD-E5C1-4997-95D4-9DF50FE1EAAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_9500mfp:20070719_05.011.2:*:*:*:*:*:*:*",
"matchCriteriaId": "99FD2715-0ECB-42B9-8967-D8C80DEAC5C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_mfp_cm8050:-:-:edgeline:*:*:*:*:*",
"matchCriteriaId": "8E40ABF2-0485-47DB-92FE-FC8F630F15B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_mfp_cm8060:-:-:edgeline:*:*:*:*:*",
"matchCriteriaId": "E8D50F7A-2290-49A1-AB7B-F1FCD5035599",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:digital_senders:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7F654546-9F2E-4B1B-AAF6-54D799317C92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:edgeline_printers:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4A17E5A0-9342-49BD-BBD7-E8A90FC42EC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_1000:*:*:*:*:*:*:*:*",
"matchCriteriaId": "322C9A6C-C3A6-4058-861C-882B68443744",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_1005:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DA365AAC-C67A-43FE-A419-E3B5B0BAEA0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_1010:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7AB27B7D-AAC8-4FEC-98C4-FC613E9CA36F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_1012:*:*:*:*:*:*:*:*",
"matchCriteriaId": "581AB2AA-1731-4142-822A-5F40DFA2C34F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_1015:*:*:*:*:*:*:*:*",
"matchCriteriaId": "07DCE831-3508-4059-9579-91DA526902B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_1018:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4F27B109-9BCA-4D72-A21C-B6D70F1AD7A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_1018s:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CAF6A641-E205-4290-97E2-34A3B3E9672C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_1020:*:*:*:*:*:*:*:*",
"matchCriteriaId": "24FD0F5B-F181-46AC-BE66-642E4CD60FAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_1020_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "07B0A4A9-60C2-4CEC-B531-50C086173DB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_1022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B05D9690-22E6-4E89-A5A7-42B28BD043DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_1022n:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3CCA67FA-E8B9-4D9E-B0F3-58B0A1B183B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_1022nw:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0C09FB44-FFEE-4AB0-A2E0-C470F20733EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_1100:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A25D1906-E45D-465B-B481-8C9B88FF37ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_1150:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E25BDF8F-F1B9-4A3E-A220-E72B306CF21C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_1160:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E04FA759-550C-4C08-BBF3-1B8F512DEBB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_1200:*:*:*:*:*:*:*:*",
"matchCriteriaId": "49D562B5-09B6-4D0E-9816-4DC9C193FCBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_1300:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3BB12831-81B7-4B6E-9D80-259A474F38E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_1320:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0645FD3F-1F42-4355-8430-D2B3F8740A2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "52D3D3A6-7594-4306-A7C1-997328468C39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_2000:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CB3C0E33-D115-4BCB-818E-92E5655AB8EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_2100:*:*:*:*:*:*:*:*",
"matchCriteriaId": "224C6B7D-DEAF-4B0D-93BA-BC5BF9517009",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_2200:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C69367D0-1B9A-4615-9F4A-2F76596BA8EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_2200dtn:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A842F761-7AC1-4FE6-9D8E-D4E812971371",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_2300:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CB3BC003-8116-475C-8816-DCD46E0184DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_2300dn:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9E8A93AE-C3A9-4714-A6FB-C855C9F439C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_2400:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A89A6F96-4A4A-4877-8E95-700CBAE663CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_2410:20070410_08.112.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1B34898C-6B9F-4DEF-9D9E-B7BA52F95A85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_2420:20070410_08.112.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3029F65D-88C0-4BC4-91D6-594474F022B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_2430:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F804968D-0241-4C20-BAAC-684BA46B67F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_2430:20070410_08.112.3:*:*:*:*:*:*:*",
"matchCriteriaId": "02BB1543-E25E-4F77-8F53-ADC38FE3B81D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_2500:*:*:*:*:*:*:*:*",
"matchCriteriaId": "71F75D41-DFB3-4FD2-A883-BBA8964D84D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_2500c:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EB83B8ED-0A0A-45C2-9A4F-BF85F97C114E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_2600c:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B0F0E663-70A4-405C-B37E-60E24DDC6383",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_2600n:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A10474D2-F8D9-40B8-8E19-4741BDA55A6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_3000:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4042B85B-8BA8-49C8-8C72-ED4B12D10C0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_3700:*:*:*:*:*:*:*:*",
"matchCriteriaId": "17CE1760-B9BD-4002-BA5C-0AFC4A2FBFE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_4:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A7EBF17F-331F-42D1-AC33-C5F60FF1C865",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_4\\/4m:*:*:*:*:*:*:*:*",
"matchCriteriaId": "96CB43B7-7CA2-4B8A-98D9-377F615F61E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_4_plus\\/m_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F8DBBC2B-C054-46AD-9ABD-249216ED513F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_4000:*:*:*:*:*:*:*:*",
"matchCriteriaId": "659DFCA6-CF7D-4982-913B-6BF1B3DC5F5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_4000n:*:*:*:*:*:*:*:*",
"matchCriteriaId": "02138F3E-4F3C-4607-BBB1-98D09B3C7F41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_4050:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5FE6DC20-0757-4CF8-AB85-265C5264630F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_4100:*:*:*:*:*:*:*:*",
"matchCriteriaId": "549105CC-BA47-4C39-8B8A-9CAC39266B30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_4100_mfp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FE20791A-6CDA-46D0-8149-82F7D21662BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_4100mfp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "75525D7F-A881-4199-B44D-8E2D1B4809FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_4200:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4993667F-9DE8-4DC9-90B1-A6D3AB6BFB0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_4200dtn:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1ED01DD0-7485-48E8-96E1-598DA0981525",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_4200ln:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E1BCFB30-7322-4ABE-9529-CC10DA54F752",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_4240:*:*:*:*:*:*:*:*",
"matchCriteriaId": "23DD9E6F-1F64-4643-B8E5-B3CAB5F961B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_4240n:*:*:*:*:*:*:*:*",
"matchCriteriaId": "42459D1C-B860-4622-BA74-C6AF5446D644",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_4250:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F315232A-2DBB-4BE6-AB1E-0CCB327E19E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_4250:20080319_08.015.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D180CB2E-F05A-4B9C-837B-605A00086A82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_4300:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3B4B141B-3358-469D-8331-88C5924763EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_4345_mfp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9ADF801E-6D02-4CDF-AA6F-9F272D341E1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_4345mfp:20081211_09.131.1:*:*:*:*:*:*:*",
"matchCriteriaId": "27CB3F95-8653-4CDB-BD81-53CA6D126512",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_4350:*:*:*:*:*:*:*:*",
"matchCriteriaId": "850BE715-BC0F-4873-9A72-6AED6259FF22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_4350:20080319_08.015.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2B03FD53-A1CA-4BD4-A87A-520D9782CEE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_4350dtn:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ECA83D8E-3D70-4021-B9FD-F97BC8C92039",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_4650dn:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2681DAAE-9DD4-4F25-B947-C676F868B854",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_4l\\/ml:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7085C4E6-A34F-49E6-99EE-547861A25098",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_4m_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1B0F639A-C9F6-41E4-83BD-8097659ABEDE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_4p\\/mp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5B67CAF7-6CDC-4074-BE55-2D898F1CF3EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_4si:*:*:*:*:*:*:*:*",
"matchCriteriaId": "31DD8C9E-1738-456D-A22C-CB0C760E3712",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_4v\\/mv:*:*:*:*:*:*:*:*",
"matchCriteriaId": "05A010D1-588F-4EC5-9BE2-ADA22D399D5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_5:*:*:*:*:*:*:*:*",
"matchCriteriaId": "93BAAE8B-718E-4C6D-BAED-3F435D1C66A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_5\\/m\\/n:*:*:*:*:*:*:*:*",
"matchCriteriaId": "26BD8388-3357-435C-8430-9D6CFE52D65A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_500_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3F132B58-AF99-4E26-BEFB-C970AC9FCBB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_5000:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3D220CD8-FB19-424D-B223-101098BE9088",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_5000:r.25.15:*:*:*:*:*:*:*",
"matchCriteriaId": "157C92C4-2217-4A53-B70D-16D2171E7ACE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_5000:r.25.47:*:*:*:*:*:*:*",
"matchCriteriaId": "776C077B-32E5-45AD-866C-9C7FBEDF9631",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_5100:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BC0F236F-7EC3-440B-8FF4-362729EF0807",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_5100:v.29.12:*:*:*:*:*:*:*",
"matchCriteriaId": "D29E506F-B2B1-466C-9DAA-C8DFB643F036",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_5100dtn:*:*:*:*:*:*:*:*",
"matchCriteriaId": "99A1E2E0-6832-4DE2-B793-BC8B2F3BF431",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_5200:*:*:*:*:*:*:*:*",
"matchCriteriaId": "977F2612-D1DE-4EAD-99ED-CF6FFD1D5B2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_5l:*:*:*:*:*:*:*:*",
"matchCriteriaId": "212422DE-F76F-4418-89E5-B3826047A852",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_5m:*:*:*:*:*:*:*:*",
"matchCriteriaId": "78907BCD-E0C8-44A0-85B7-0B5148AA8AD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_5p\\/mp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "76199C42-EF30-4F0B-9D7E-5C546001888E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_5si:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8E8D6D65-3CA2-41E8-A8F8-B7C7BC24F962",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_8000:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1072358B-3C6C-45EB-83B0-22833A96741A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_8100:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4EC8DA70-8669-4522-BEF7-C4595E142467",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_8150:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F94DFDFD-0CEA-4EC5-8E7D-0548DCAE5563",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_8150dn:*:*:*:*:*:*:*:*",
"matchCriteriaId": "24852945-2734-468C-8DC7-5C9EBF2301FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_9000:*:*:*:*:*:*:*:*",
"matchCriteriaId": "54C64CAE-6CC4-4B92-9364-F982CDF47F99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_9000_mfp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F0E00FE-F3DB-45C2-81AE-D7189559BD42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_9000mfp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "81556F50-ED68-4774-A208-E16286BC2F0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_9040:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B2D74F55-65F6-4328-B553-2756A75B777E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_9040:20080204_08.110.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2BA65ABF-3241-48B5-B89A-031B09B8C129",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_9040mfp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FDEA0FE9-F42F-4ECC-92E4-E404545CB0CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_9040mfp:20080204_08.110.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A03C331E-BCF9-4226-ACB5-4CA4C85847F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_9050:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6F1FEDCF-C604-49B3-B748-03BE3193792E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_9050:20080204_08.110.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D06ADE7A-F615-475F-A6FB-977D51C8BD3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_9050_mfp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9FDA57B8-2AD5-45EF-9824-E60EBFF71D86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_9050mfp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4F2623A6-2DA1-4877-A5D8-3C9001FDC648",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_9050mfp:20080204_08.110.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3919FF01-7E93-4F35-826D-542DFD6E85B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_9055:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7381DEDB-71A9-4882-B9DA-AFDC31D907C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_9065:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F48F4812-7441-428B-B44A-E85AC64330D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_9500:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9755F699-E5F7-424C-B84A-119E19A1E413",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_9500mfp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A4B8D80A-5E64-4ADD-98F7-2CD913EF151B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_ii:*:*:*:*:*:*:*:*",
"matchCriteriaId": "502E0F4F-8103-431C-BDCD-07FAA44DB035",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_iid:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8F17C5B7-FFE3-4FE6-A4AD-3EABCF9FCE97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_iii:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1F0EC84F-57BB-44D0-A05D-67AE5CD6652B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_iiid:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B5DA3E91-824D-4167-9990-8CED8E247DBC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_iiip:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B46B3AA1-0D4D-418B-A36B-2B38F642F798",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_iiisi:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AB5EE77A-D014-4366-8D5B-251D09CC2DFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_iip:*:*:*:*:*:*:*:*",
"matchCriteriaId": "040C7DA9-9FF6-4772-82D4-2ED2BE01D8C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_iip_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BD91F67B-C52F-4AED-8E02-B955F495BD8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_m1522n_mfp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CF8D0A1B-4F76-4403-B18E-464C33169CC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_m3027_mfp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CE95CC32-07DA-473D-BDAC-347B137E582A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_m3035_mfp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CEC3DE1F-AA79-4FE8-B634-368BDF14C0B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_m4345_mfp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "34E2ECB0-2335-4ABD-8326-CF935E8C4C78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_m5025_mfp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "55C69873-A989-4B66-8D28-67A260EC7A4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_m5035_mfp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CEEA9582-8E01-41D3-A4D0-FA7BB2C98CC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_p1000:*:*:*:*:*:*:*:*",
"matchCriteriaId": "46628FAF-9819-4A6F-93BD-39E0650930E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_p1005:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D8C243A3-FA2C-414D-9530-CF50E65A6D78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_p1006:*:*:*:*:*:*:*:*",
"matchCriteriaId": "169C56AB-5565-4A4A-B298-B1FAC40D23CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_p1007:*:*:*:*:*:*:*:*",
"matchCriteriaId": "931B6ACB-81B3-4406-834B-DFA85FC8871A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_p1008:*:*:*:*:*:*:*:*",
"matchCriteriaId": "641D5E03-1FCD-4404-A37B-586262DCF863",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_p1009:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8F8AA6A9-855C-436C-AE9D-217598516DE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_p1500:*:*:*:*:*:*:*:*",
"matchCriteriaId": "69DEDFF4-B9B1-4B31-BE32-1E44C19A5D80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_p1505:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B8C4D0A5-B51C-4122-8BB7-705474A1E709",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_p1505n:*:*:*:*:*:*:*:*",
"matchCriteriaId": "049D53B4-920A-4BFC-A007-1DF3648C37A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_p2000:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3AE3B2A8-ABE6-464B-B9E2-E1122EDEA3B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_p2010:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2F52C858-CFB9-4CE0-9C3C-3672F03B1850",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_p2015:*:*:*:*:*:*:*:*",
"matchCriteriaId": "218E5994-4BF9-4B5F-ABAE-0AB85495B8C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_p2030:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B2FCB0F1-6395-4B9E-99C6-9C919C62EB9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_p2050:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9BF93B01-EEEE-4ACF-B7C0-55F17996543E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_p3000:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CF6E5576-6764-4534-A405-67B01F4018FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_p3005:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1BED71C7-C0A7-4934-9930-1EC7C5A96584",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_p4010:*:*:*:*:*:*:*:*",
"matchCriteriaId": "612ACC73-A274-46B1-AEC6-9EBAF1E38D73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_p4014:*:*:*:*:*:*:*:*",
"matchCriteriaId": "222D062D-1F47-4E21-9173-A5AFEEF66482",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_p4015:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6CFBC095-00B6-48D7-AC0A-C172DD3A550B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_p4500:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D468AA7E-BA93-4523-B6AA-B542E714A17F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_p4510:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D87FDEEF-E459-4C0E-AA61-6DE9E2D73234",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The HP Embedded Web Server (EWS) on HP LaserJet Printers, Edgeline Printers, and Digital Senders has no management password by default, which makes it easier for remote attackers to obtain access."
},
{
"lang": "es",
"value": "El HP Embedded Web Server (EWS) en HP LaserJet Printers, Edgeline Printers, y Digital Senders no tiene contrase\u00f1a de administraci\u00f3n por defecto, lo que facilita a atacantes remotos el obtener acceso."
}
],
"id": "CVE-2009-0941",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.6,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-03-18T21:00:00.390",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01684566"
},
{
"source": "cve@mitre.org",
"url": "http://www.louhinetworks.fi/advisory/HP_20090317.txt"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/501884/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2009/0754"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01684566"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.louhinetworks.fi/advisory/HP_20090317.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/501884/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2009/0754"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2008-4419
Vulnerability from fkie_nvd - Published: 2009-02-05 00:30 - Updated: 2025-04-09 00:30
Severity ?
Summary
Directory traversal vulnerability in the HP JetDirect web administration interface in the HP-ChaiSOE 1.0 embedded web server on the LaserJet 9040mfp, LaserJet 9050mfp, and Color LaserJet 9500mfp before firmware 08.110.9; LaserJet 4345mfp and 9200C Digital Sender before firmware 09.120.9; Color LaserJet 4730mfp before firmware 46.200.9; LaserJet 2410, LaserJet 2420, and LaserJet 2430 before firmware 20080819 SPCL112A; LaserJet 4250 and LaserJet 4350 before firmware 20080819 SPCL015A; and LaserJet 9040 and LaserJet 9050 before firmware 20080819 SPCL110A allows remote attackers to read arbitrary files via directory traversal sequences in the URI.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| hp | 9200c_digital_sender | * | |
| hp | color_laserjet_4370mfp | * | |
| hp | color_laserjet_9500mfp | * | |
| hp | laserjet_2410 | * | |
| hp | laserjet_2420 | * | |
| hp | laserjet_2430 | * | |
| hp | laserjet_4250 | * | |
| hp | laserjet_4345mfp | * | |
| hp | laserjet_4350 | * | |
| hp | laserjet_9040 | * | |
| hp | laserjet_9040mfp | * | |
| hp | laserjet_9050 | * | |
| hp | laserjet_9050mfp | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hp:9200c_digital_sender:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A2594CCB-56FF-48C0-BF61-889FDD6C68CC",
"versionEndIncluding": "20081211_09.131.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_4370mfp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "996C40A5-CD3F-4ACD-976E-8CFCD1DCCCB2",
"versionEndIncluding": "20081211_46.211.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_9500mfp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A6447E7F-F306-4816-B819-53D62D95DD55",
"versionEndIncluding": "20070719_05.011.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_2410:*:*:*:*:*:*:*:*",
"matchCriteriaId": "72129DA7-5E88-4EC5-A9FB-DE6EBA3B9A84",
"versionEndIncluding": "20070410_08.112.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_2420:*:*:*:*:*:*:*:*",
"matchCriteriaId": "54D703D0-E487-4E4C-BFA1-FCD4373DC9FC",
"versionEndIncluding": "20070410_08.112.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_2430:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7135DAB9-491F-4BD1-9E6A-EA488F2BA4F0",
"versionEndIncluding": "20070410_08.112.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_4250:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AA9F39FD-7909-49D0-8723-B5FD3291680E",
"versionEndIncluding": "20080319_08.015.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_4345mfp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F08C1653-F7B8-4092-9149-1EE8EDBB79C4",
"versionEndIncluding": "20081211_09.131.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_4350:*:*:*:*:*:*:*:*",
"matchCriteriaId": "543D9E70-DAC8-4A5F-8E51-8A3176C82A33",
"versionEndIncluding": "20080319_08.015.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_9040:*:*:*:*:*:*:*:*",
"matchCriteriaId": "96E54FBF-5BC1-4159-8B5A-4DDD6B54B173",
"versionEndIncluding": "20080204_08.110.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_9040mfp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A1E305FE-BCA6-4F4A-B7E7-51DB5A428B3F",
"versionEndIncluding": "20080204_08.110.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_9050:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BCCD098A-6089-4E21-A791-832F0D65798A",
"versionEndIncluding": "20080204_08.110.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_9050mfp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8FC52430-4FAC-458C-8391-FE0997C6C596",
"versionEndIncluding": "20080204_08.110.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the HP JetDirect web administration interface in the HP-ChaiSOE 1.0 embedded web server on the LaserJet 9040mfp, LaserJet 9050mfp, and Color LaserJet 9500mfp before firmware 08.110.9; LaserJet 4345mfp and 9200C Digital Sender before firmware 09.120.9; Color LaserJet 4730mfp before firmware 46.200.9; LaserJet 2410, LaserJet 2420, and LaserJet 2430 before firmware 20080819 SPCL112A; LaserJet 4250 and LaserJet 4350 before firmware 20080819 SPCL015A; and LaserJet 9040 and LaserJet 9050 before firmware 20080819 SPCL110A allows remote attackers to read arbitrary files via directory traversal sequences in the URI."
},
{
"lang": "es",
"value": "Vulnerabilidad de salto de directorio en la interfaz de administraci\u00f3n Web HP JetDirect en el servidor web empotrado HP-ChaiSOE v1.0 en las LaserJet 9040mfp, LaserJet 9050mfp y Color LaserJet 9500mfp anteriores al software empotrado 08.110.9; LaserJet 4345mfp y 9200C Digital Sender anteriores al software empotrado 09.120.9; Color LaserJet 4730mfp anterior al software empotrado 46.200.9; LaserJet 2410, LaserJet 2420 y LaserJet 2430 anterior al software empotrado 20080819 SPCL112A; LaserJet 4250 y LaserJet 4350 anterior al software empotrado 20080819 SPCL015A; y LaserJet 9040 y LaserJet 9050 anterior al software empotrado 20080819 SPCL110A; permite a atacantes remotos leer ficheros arbitrario a trav\u00e9s de secuencias de salto de directorio en el URI."
}
],
"id": "CVE-2008-4419",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-02-05T00:30:00.203",
"references": [
{
"source": "cve@mitre.org",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01623905"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/33779"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/500657/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/33611"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1021687"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2009/0341"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01623905"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/33779"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/500657/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/33611"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1021687"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2009/0341"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2012-5221 (GCVE-0-2012-5221)
Vulnerability from cvelistv5 – Published: 2013-04-29 21:00 – Updated: 2024-08-06 20:58
VLAI?
Summary
Directory traversal vulnerability in the PostScript Interpreter, as used on the HP LaserJet 4xxx, 5200, 90xx, M30xx, M4345, M50xx, M90xx, P3005, and P4xxx; LaserJet Enterprise P3015; Color LaserJet 3xxx, 47xx, 5550, 9500, CM60xx, CP35xx, CP4005, and CP6015; Color LaserJet Enterprise CP4xxx; and 9250c Digital Sender with model-dependent firmware through 52.x allows remote attackers to read arbitrary files via unknown vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:58:03.213Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "HPSBPI02869",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03744742"
},
{
"name": "SSRT100936",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03744742"
},
{
"name": "20130426 Hewlett-Packard Multiple Printers PostScript Interpreter Directory Traversal Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/idefense/public-vulnerability-reports/articles/index.xhtml?id=1023"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-04-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the PostScript Interpreter, as used on the HP LaserJet 4xxx, 5200, 90xx, M30xx, M4345, M50xx, M90xx, P3005, and P4xxx; LaserJet Enterprise P3015; Color LaserJet 3xxx, 47xx, 5550, 9500, CM60xx, CP35xx, CP4005, and CP6015; Color LaserJet Enterprise CP4xxx; and 9250c Digital Sender with model-dependent firmware through 52.x allows remote attackers to read arbitrary files via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-12-23T21:57:01",
"orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
"shortName": "hp"
},
"references": [
{
"name": "HPSBPI02869",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03744742"
},
{
"name": "SSRT100936",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03744742"
},
{
"name": "20130426 Hewlett-Packard Multiple Printers PostScript Interpreter Directory Traversal Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/idefense/public-vulnerability-reports/articles/index.xhtml?id=1023"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "hp-security-alert@hp.com",
"ID": "CVE-2012-5221",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the PostScript Interpreter, as used on the HP LaserJet 4xxx, 5200, 90xx, M30xx, M4345, M50xx, M90xx, P3005, and P4xxx; LaserJet Enterprise P3015; Color LaserJet 3xxx, 47xx, 5550, 9500, CM60xx, CP35xx, CP4005, and CP6015; Color LaserJet Enterprise CP4xxx; and 9250c Digital Sender with model-dependent firmware through 52.x allows remote attackers to read arbitrary files via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "HPSBPI02869",
"refsource": "HP",
"url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03744742"
},
{
"name": "SSRT100936",
"refsource": "HP",
"url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03744742"
},
{
"name": "20130426 Hewlett-Packard Multiple Printers PostScript Interpreter Directory Traversal Vulnerability",
"refsource": "IDEFENSE",
"url": "http://www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/idefense/public-vulnerability-reports/articles/index.xhtml?id=1023"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
"assignerShortName": "hp",
"cveId": "CVE-2012-5221",
"datePublished": "2013-04-29T21:00:00",
"dateReserved": "2012-10-01T00:00:00",
"dateUpdated": "2024-08-06T20:58:03.213Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-4161 (GCVE-0-2011-4161)
Vulnerability from cvelistv5 – Published: 2011-12-01 21:00 – Updated: 2024-08-07 00:01
VLAI?
Summary
The default configuration of the HP CM8060 Color MFP with Edgeline; Color LaserJet 3xxx, 4xxx, 5550, 9500, CMxxxx, CPxxxx, and Enterprise CPxxxx; Digital Sender 9200c and 9250c; LaserJet 4xxx, 5200, 90xx, Mxxxx, and Pxxxx; and LaserJet Enterprise 500 color M551, 600, M4555 MFP, and P3015 enables the Remote Firmware Update (RFU) setting, which allows remote attackers to execute arbitrary code by using a session on TCP port 9100 to upload a crafted firmware update.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:01:50.473Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#717921",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/717921"
},
{
"name": "HPSBPI02728",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03102449"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://isc.sans.org/diary/Hacking+HP+Printers+for+Fun+and+Profit/12112"
},
{
"name": "SSRT100692",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03102449"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://redtape.msnbc.msn.com/_news/2011/11/29/9076395-exclusive-millions-of-printers-open-to-devastating-hack-attack-researchers-say"
},
{
"name": "47063",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/47063"
},
{
"name": "1026357",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1026357"
},
{
"name": "51324",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/51324"
},
{
"name": "[dailydave] 20111130 The Vampire Diaries",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.immunityinc.com/pipermail/dailydave/2011-November/000378.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-11-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The default configuration of the HP CM8060 Color MFP with Edgeline; Color LaserJet 3xxx, 4xxx, 5550, 9500, CMxxxx, CPxxxx, and Enterprise CPxxxx; Digital Sender 9200c and 9250c; LaserJet 4xxx, 5200, 90xx, Mxxxx, and Pxxxx; and LaserJet Enterprise 500 color M551, 600, M4555 MFP, and P3015 enables the Remote Firmware Update (RFU) setting, which allows remote attackers to execute arbitrary code by using a session on TCP port 9100 to upload a crafted firmware update."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-02-02T10:00:00",
"orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
"shortName": "hp"
},
"references": [
{
"name": "VU#717921",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/717921"
},
{
"name": "HPSBPI02728",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03102449"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://isc.sans.org/diary/Hacking+HP+Printers+for+Fun+and+Profit/12112"
},
{
"name": "SSRT100692",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03102449"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://redtape.msnbc.msn.com/_news/2011/11/29/9076395-exclusive-millions-of-printers-open-to-devastating-hack-attack-researchers-say"
},
{
"name": "47063",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/47063"
},
{
"name": "1026357",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1026357"
},
{
"name": "51324",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/51324"
},
{
"name": "[dailydave] 20111130 The Vampire Diaries",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.immunityinc.com/pipermail/dailydave/2011-November/000378.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "hp-security-alert@hp.com",
"ID": "CVE-2011-4161",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The default configuration of the HP CM8060 Color MFP with Edgeline; Color LaserJet 3xxx, 4xxx, 5550, 9500, CMxxxx, CPxxxx, and Enterprise CPxxxx; Digital Sender 9200c and 9250c; LaserJet 4xxx, 5200, 90xx, Mxxxx, and Pxxxx; and LaserJet Enterprise 500 color M551, 600, M4555 MFP, and P3015 enables the Remote Firmware Update (RFU) setting, which allows remote attackers to execute arbitrary code by using a session on TCP port 9100 to upload a crafted firmware update."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#717921",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/717921"
},
{
"name": "HPSBPI02728",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03102449"
},
{
"name": "http://isc.sans.org/diary/Hacking+HP+Printers+for+Fun+and+Profit/12112",
"refsource": "MISC",
"url": "http://isc.sans.org/diary/Hacking+HP+Printers+for+Fun+and+Profit/12112"
},
{
"name": "SSRT100692",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03102449"
},
{
"name": "http://redtape.msnbc.msn.com/_news/2011/11/29/9076395-exclusive-millions-of-printers-open-to-devastating-hack-attack-researchers-say",
"refsource": "MISC",
"url": "http://redtape.msnbc.msn.com/_news/2011/11/29/9076395-exclusive-millions-of-printers-open-to-devastating-hack-attack-researchers-say"
},
{
"name": "47063",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47063"
},
{
"name": "1026357",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1026357"
},
{
"name": "51324",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/51324"
},
{
"name": "[dailydave] 20111130 The Vampire Diaries",
"refsource": "MLIST",
"url": "https://lists.immunityinc.com/pipermail/dailydave/2011-November/000378.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
"assignerShortName": "hp",
"cveId": "CVE-2011-4161",
"datePublished": "2011-12-01T21:00:00",
"dateReserved": "2011-10-21T00:00:00",
"dateUpdated": "2024-08-07T00:01:50.473Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-0940 (GCVE-0-2009-0940)
Vulnerability from cvelistv5 – Published: 2009-03-18 20:35 – Updated: 2024-08-07 04:57
VLAI?
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in the HP Embedded Web Server (EWS) on HP LaserJet Printers, Edgeline Printers, and Digital Senders allow remote attackers to hijack the intranet connectivity of arbitrary users for requests that (1) print documents via unknown vectors, (2) modify the network configuration via a NetIPChange request to hp/device/config_result_YesNo.html/config, or (3) change the password via the Password and ConfirmPassword parameters to hp/device/set_config_password.html/config.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:57:17.078Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2009-0754",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/0754"
},
{
"name": "HPSN-2009-001",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01684566"
},
{
"name": "52848",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/52848"
},
{
"name": "34143",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/34143"
},
{
"name": "52849",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/52849"
},
{
"name": "20090316 HP Laserjet multiple models web management CSRF vulnerability \u0026 insecure default configuration",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/501884/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.louhinetworks.fi/advisory/HP_20090317.txt"
},
{
"name": "52847",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/52847"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-03-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the HP Embedded Web Server (EWS) on HP LaserJet Printers, Edgeline Printers, and Digital Senders allow remote attackers to hijack the intranet connectivity of arbitrary users for requests that (1) print documents via unknown vectors, (2) modify the network configuration via a NetIPChange request to hp/device/config_result_YesNo.html/config, or (3) change the password via the Password and ConfirmPassword parameters to hp/device/set_config_password.html/config."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2009-0754",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/0754"
},
{
"name": "HPSN-2009-001",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01684566"
},
{
"name": "52848",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/52848"
},
{
"name": "34143",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/34143"
},
{
"name": "52849",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/52849"
},
{
"name": "20090316 HP Laserjet multiple models web management CSRF vulnerability \u0026 insecure default configuration",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/501884/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.louhinetworks.fi/advisory/HP_20090317.txt"
},
{
"name": "52847",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/52847"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0940",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the HP Embedded Web Server (EWS) on HP LaserJet Printers, Edgeline Printers, and Digital Senders allow remote attackers to hijack the intranet connectivity of arbitrary users for requests that (1) print documents via unknown vectors, (2) modify the network configuration via a NetIPChange request to hp/device/config_result_YesNo.html/config, or (3) change the password via the Password and ConfirmPassword parameters to hp/device/set_config_password.html/config."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2009-0754",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0754"
},
{
"name": "HPSN-2009-001",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01684566"
},
{
"name": "52848",
"refsource": "OSVDB",
"url": "http://osvdb.org/52848"
},
{
"name": "34143",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34143"
},
{
"name": "52849",
"refsource": "OSVDB",
"url": "http://osvdb.org/52849"
},
{
"name": "20090316 HP Laserjet multiple models web management CSRF vulnerability \u0026 insecure default configuration",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/501884/100/0/threaded"
},
{
"name": "http://www.louhinetworks.fi/advisory/HP_20090317.txt",
"refsource": "MISC",
"url": "http://www.louhinetworks.fi/advisory/HP_20090317.txt"
},
{
"name": "52847",
"refsource": "OSVDB",
"url": "http://osvdb.org/52847"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-0940",
"datePublished": "2009-03-18T20:35:00",
"dateReserved": "2009-03-18T00:00:00",
"dateUpdated": "2024-08-07T04:57:17.078Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-0941 (GCVE-0-2009-0941)
Vulnerability from cvelistv5 – Published: 2009-03-18 20:35 – Updated: 2024-08-07 04:57
VLAI?
Summary
The HP Embedded Web Server (EWS) on HP LaserJet Printers, Edgeline Printers, and Digital Senders has no management password by default, which makes it easier for remote attackers to obtain access.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:57:17.352Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2009-0754",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/0754"
},
{
"name": "HPSN-2009-001",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01684566"
},
{
"name": "20090316 HP Laserjet multiple models web management CSRF vulnerability \u0026 insecure default configuration",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/501884/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.louhinetworks.fi/advisory/HP_20090317.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-03-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The HP Embedded Web Server (EWS) on HP LaserJet Printers, Edgeline Printers, and Digital Senders has no management password by default, which makes it easier for remote attackers to obtain access."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2009-0754",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/0754"
},
{
"name": "HPSN-2009-001",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01684566"
},
{
"name": "20090316 HP Laserjet multiple models web management CSRF vulnerability \u0026 insecure default configuration",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/501884/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.louhinetworks.fi/advisory/HP_20090317.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0941",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The HP Embedded Web Server (EWS) on HP LaserJet Printers, Edgeline Printers, and Digital Senders has no management password by default, which makes it easier for remote attackers to obtain access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2009-0754",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0754"
},
{
"name": "HPSN-2009-001",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01684566"
},
{
"name": "20090316 HP Laserjet multiple models web management CSRF vulnerability \u0026 insecure default configuration",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/501884/100/0/threaded"
},
{
"name": "http://www.louhinetworks.fi/advisory/HP_20090317.txt",
"refsource": "MISC",
"url": "http://www.louhinetworks.fi/advisory/HP_20090317.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-0941",
"datePublished": "2009-03-18T20:35:00",
"dateReserved": "2009-03-18T00:00:00",
"dateUpdated": "2024-08-07T04:57:17.352Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-4419 (GCVE-0-2008-4419)
Vulnerability from cvelistv5 – Published: 2009-02-05 00:00 – Updated: 2024-08-07 10:17
VLAI?
Summary
Directory traversal vulnerability in the HP JetDirect web administration interface in the HP-ChaiSOE 1.0 embedded web server on the LaserJet 9040mfp, LaserJet 9050mfp, and Color LaserJet 9500mfp before firmware 08.110.9; LaserJet 4345mfp and 9200C Digital Sender before firmware 09.120.9; Color LaserJet 4730mfp before firmware 46.200.9; LaserJet 2410, LaserJet 2420, and LaserJet 2430 before firmware 20080819 SPCL112A; LaserJet 4250 and LaserJet 4350 before firmware 20080819 SPCL015A; and LaserJet 9040 and LaserJet 9050 before firmware 20080819 SPCL110A allows remote attackers to read arbitrary files via directory traversal sequences in the URI.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:17:09.295Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "33779",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33779"
},
{
"name": "33611",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/33611"
},
{
"name": "20090204 DDIVRT-2008-19 HP JetDirect Web Administration Directory Traversal",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/500657/100/0/threaded"
},
{
"name": "1021687",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1021687"
},
{
"name": "ADV-2009-0341",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/0341"
},
{
"name": "SSRT080166",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01623905"
},
{
"name": "HPSBPI02398",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01623905"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-02-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the HP JetDirect web administration interface in the HP-ChaiSOE 1.0 embedded web server on the LaserJet 9040mfp, LaserJet 9050mfp, and Color LaserJet 9500mfp before firmware 08.110.9; LaserJet 4345mfp and 9200C Digital Sender before firmware 09.120.9; Color LaserJet 4730mfp before firmware 46.200.9; LaserJet 2410, LaserJet 2420, and LaserJet 2430 before firmware 20080819 SPCL112A; LaserJet 4250 and LaserJet 4350 before firmware 20080819 SPCL015A; and LaserJet 9040 and LaserJet 9050 before firmware 20080819 SPCL110A allows remote attackers to read arbitrary files via directory traversal sequences in the URI."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "33779",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33779"
},
{
"name": "33611",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/33611"
},
{
"name": "20090204 DDIVRT-2008-19 HP JetDirect Web Administration Directory Traversal",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/500657/100/0/threaded"
},
{
"name": "1021687",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1021687"
},
{
"name": "ADV-2009-0341",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/0341"
},
{
"name": "SSRT080166",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01623905"
},
{
"name": "HPSBPI02398",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01623905"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4419",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the HP JetDirect web administration interface in the HP-ChaiSOE 1.0 embedded web server on the LaserJet 9040mfp, LaserJet 9050mfp, and Color LaserJet 9500mfp before firmware 08.110.9; LaserJet 4345mfp and 9200C Digital Sender before firmware 09.120.9; Color LaserJet 4730mfp before firmware 46.200.9; LaserJet 2410, LaserJet 2420, and LaserJet 2430 before firmware 20080819 SPCL112A; LaserJet 4250 and LaserJet 4350 before firmware 20080819 SPCL015A; and LaserJet 9040 and LaserJet 9050 before firmware 20080819 SPCL110A allows remote attackers to read arbitrary files via directory traversal sequences in the URI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "33779",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33779"
},
{
"name": "33611",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33611"
},
{
"name": "20090204 DDIVRT-2008-19 HP JetDirect Web Administration Directory Traversal",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/500657/100/0/threaded"
},
{
"name": "1021687",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021687"
},
{
"name": "ADV-2009-0341",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0341"
},
{
"name": "SSRT080166",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01623905"
},
{
"name": "HPSBPI02398",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01623905"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-4419",
"datePublished": "2009-02-05T00:00:00",
"dateReserved": "2008-10-03T00:00:00",
"dateUpdated": "2024-08-07T10:17:09.295Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-5221 (GCVE-0-2012-5221)
Vulnerability from nvd – Published: 2013-04-29 21:00 – Updated: 2024-08-06 20:58
VLAI?
Summary
Directory traversal vulnerability in the PostScript Interpreter, as used on the HP LaserJet 4xxx, 5200, 90xx, M30xx, M4345, M50xx, M90xx, P3005, and P4xxx; LaserJet Enterprise P3015; Color LaserJet 3xxx, 47xx, 5550, 9500, CM60xx, CP35xx, CP4005, and CP6015; Color LaserJet Enterprise CP4xxx; and 9250c Digital Sender with model-dependent firmware through 52.x allows remote attackers to read arbitrary files via unknown vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:58:03.213Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "HPSBPI02869",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03744742"
},
{
"name": "SSRT100936",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03744742"
},
{
"name": "20130426 Hewlett-Packard Multiple Printers PostScript Interpreter Directory Traversal Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/idefense/public-vulnerability-reports/articles/index.xhtml?id=1023"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-04-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the PostScript Interpreter, as used on the HP LaserJet 4xxx, 5200, 90xx, M30xx, M4345, M50xx, M90xx, P3005, and P4xxx; LaserJet Enterprise P3015; Color LaserJet 3xxx, 47xx, 5550, 9500, CM60xx, CP35xx, CP4005, and CP6015; Color LaserJet Enterprise CP4xxx; and 9250c Digital Sender with model-dependent firmware through 52.x allows remote attackers to read arbitrary files via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-12-23T21:57:01",
"orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
"shortName": "hp"
},
"references": [
{
"name": "HPSBPI02869",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03744742"
},
{
"name": "SSRT100936",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03744742"
},
{
"name": "20130426 Hewlett-Packard Multiple Printers PostScript Interpreter Directory Traversal Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/idefense/public-vulnerability-reports/articles/index.xhtml?id=1023"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "hp-security-alert@hp.com",
"ID": "CVE-2012-5221",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the PostScript Interpreter, as used on the HP LaserJet 4xxx, 5200, 90xx, M30xx, M4345, M50xx, M90xx, P3005, and P4xxx; LaserJet Enterprise P3015; Color LaserJet 3xxx, 47xx, 5550, 9500, CM60xx, CP35xx, CP4005, and CP6015; Color LaserJet Enterprise CP4xxx; and 9250c Digital Sender with model-dependent firmware through 52.x allows remote attackers to read arbitrary files via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "HPSBPI02869",
"refsource": "HP",
"url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03744742"
},
{
"name": "SSRT100936",
"refsource": "HP",
"url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03744742"
},
{
"name": "20130426 Hewlett-Packard Multiple Printers PostScript Interpreter Directory Traversal Vulnerability",
"refsource": "IDEFENSE",
"url": "http://www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/idefense/public-vulnerability-reports/articles/index.xhtml?id=1023"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
"assignerShortName": "hp",
"cveId": "CVE-2012-5221",
"datePublished": "2013-04-29T21:00:00",
"dateReserved": "2012-10-01T00:00:00",
"dateUpdated": "2024-08-06T20:58:03.213Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-4161 (GCVE-0-2011-4161)
Vulnerability from nvd – Published: 2011-12-01 21:00 – Updated: 2024-08-07 00:01
VLAI?
Summary
The default configuration of the HP CM8060 Color MFP with Edgeline; Color LaserJet 3xxx, 4xxx, 5550, 9500, CMxxxx, CPxxxx, and Enterprise CPxxxx; Digital Sender 9200c and 9250c; LaserJet 4xxx, 5200, 90xx, Mxxxx, and Pxxxx; and LaserJet Enterprise 500 color M551, 600, M4555 MFP, and P3015 enables the Remote Firmware Update (RFU) setting, which allows remote attackers to execute arbitrary code by using a session on TCP port 9100 to upload a crafted firmware update.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:01:50.473Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#717921",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/717921"
},
{
"name": "HPSBPI02728",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03102449"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://isc.sans.org/diary/Hacking+HP+Printers+for+Fun+and+Profit/12112"
},
{
"name": "SSRT100692",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03102449"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://redtape.msnbc.msn.com/_news/2011/11/29/9076395-exclusive-millions-of-printers-open-to-devastating-hack-attack-researchers-say"
},
{
"name": "47063",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/47063"
},
{
"name": "1026357",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1026357"
},
{
"name": "51324",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/51324"
},
{
"name": "[dailydave] 20111130 The Vampire Diaries",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.immunityinc.com/pipermail/dailydave/2011-November/000378.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-11-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The default configuration of the HP CM8060 Color MFP with Edgeline; Color LaserJet 3xxx, 4xxx, 5550, 9500, CMxxxx, CPxxxx, and Enterprise CPxxxx; Digital Sender 9200c and 9250c; LaserJet 4xxx, 5200, 90xx, Mxxxx, and Pxxxx; and LaserJet Enterprise 500 color M551, 600, M4555 MFP, and P3015 enables the Remote Firmware Update (RFU) setting, which allows remote attackers to execute arbitrary code by using a session on TCP port 9100 to upload a crafted firmware update."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-02-02T10:00:00",
"orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
"shortName": "hp"
},
"references": [
{
"name": "VU#717921",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/717921"
},
{
"name": "HPSBPI02728",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03102449"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://isc.sans.org/diary/Hacking+HP+Printers+for+Fun+and+Profit/12112"
},
{
"name": "SSRT100692",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03102449"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://redtape.msnbc.msn.com/_news/2011/11/29/9076395-exclusive-millions-of-printers-open-to-devastating-hack-attack-researchers-say"
},
{
"name": "47063",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/47063"
},
{
"name": "1026357",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1026357"
},
{
"name": "51324",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/51324"
},
{
"name": "[dailydave] 20111130 The Vampire Diaries",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.immunityinc.com/pipermail/dailydave/2011-November/000378.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "hp-security-alert@hp.com",
"ID": "CVE-2011-4161",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The default configuration of the HP CM8060 Color MFP with Edgeline; Color LaserJet 3xxx, 4xxx, 5550, 9500, CMxxxx, CPxxxx, and Enterprise CPxxxx; Digital Sender 9200c and 9250c; LaserJet 4xxx, 5200, 90xx, Mxxxx, and Pxxxx; and LaserJet Enterprise 500 color M551, 600, M4555 MFP, and P3015 enables the Remote Firmware Update (RFU) setting, which allows remote attackers to execute arbitrary code by using a session on TCP port 9100 to upload a crafted firmware update."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#717921",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/717921"
},
{
"name": "HPSBPI02728",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03102449"
},
{
"name": "http://isc.sans.org/diary/Hacking+HP+Printers+for+Fun+and+Profit/12112",
"refsource": "MISC",
"url": "http://isc.sans.org/diary/Hacking+HP+Printers+for+Fun+and+Profit/12112"
},
{
"name": "SSRT100692",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03102449"
},
{
"name": "http://redtape.msnbc.msn.com/_news/2011/11/29/9076395-exclusive-millions-of-printers-open-to-devastating-hack-attack-researchers-say",
"refsource": "MISC",
"url": "http://redtape.msnbc.msn.com/_news/2011/11/29/9076395-exclusive-millions-of-printers-open-to-devastating-hack-attack-researchers-say"
},
{
"name": "47063",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47063"
},
{
"name": "1026357",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1026357"
},
{
"name": "51324",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/51324"
},
{
"name": "[dailydave] 20111130 The Vampire Diaries",
"refsource": "MLIST",
"url": "https://lists.immunityinc.com/pipermail/dailydave/2011-November/000378.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
"assignerShortName": "hp",
"cveId": "CVE-2011-4161",
"datePublished": "2011-12-01T21:00:00",
"dateReserved": "2011-10-21T00:00:00",
"dateUpdated": "2024-08-07T00:01:50.473Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-0940 (GCVE-0-2009-0940)
Vulnerability from nvd – Published: 2009-03-18 20:35 – Updated: 2024-08-07 04:57
VLAI?
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in the HP Embedded Web Server (EWS) on HP LaserJet Printers, Edgeline Printers, and Digital Senders allow remote attackers to hijack the intranet connectivity of arbitrary users for requests that (1) print documents via unknown vectors, (2) modify the network configuration via a NetIPChange request to hp/device/config_result_YesNo.html/config, or (3) change the password via the Password and ConfirmPassword parameters to hp/device/set_config_password.html/config.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:57:17.078Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2009-0754",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/0754"
},
{
"name": "HPSN-2009-001",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01684566"
},
{
"name": "52848",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/52848"
},
{
"name": "34143",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/34143"
},
{
"name": "52849",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/52849"
},
{
"name": "20090316 HP Laserjet multiple models web management CSRF vulnerability \u0026 insecure default configuration",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/501884/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.louhinetworks.fi/advisory/HP_20090317.txt"
},
{
"name": "52847",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/52847"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-03-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the HP Embedded Web Server (EWS) on HP LaserJet Printers, Edgeline Printers, and Digital Senders allow remote attackers to hijack the intranet connectivity of arbitrary users for requests that (1) print documents via unknown vectors, (2) modify the network configuration via a NetIPChange request to hp/device/config_result_YesNo.html/config, or (3) change the password via the Password and ConfirmPassword parameters to hp/device/set_config_password.html/config."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2009-0754",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/0754"
},
{
"name": "HPSN-2009-001",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01684566"
},
{
"name": "52848",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/52848"
},
{
"name": "34143",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/34143"
},
{
"name": "52849",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/52849"
},
{
"name": "20090316 HP Laserjet multiple models web management CSRF vulnerability \u0026 insecure default configuration",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/501884/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.louhinetworks.fi/advisory/HP_20090317.txt"
},
{
"name": "52847",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/52847"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0940",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the HP Embedded Web Server (EWS) on HP LaserJet Printers, Edgeline Printers, and Digital Senders allow remote attackers to hijack the intranet connectivity of arbitrary users for requests that (1) print documents via unknown vectors, (2) modify the network configuration via a NetIPChange request to hp/device/config_result_YesNo.html/config, or (3) change the password via the Password and ConfirmPassword parameters to hp/device/set_config_password.html/config."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2009-0754",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0754"
},
{
"name": "HPSN-2009-001",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01684566"
},
{
"name": "52848",
"refsource": "OSVDB",
"url": "http://osvdb.org/52848"
},
{
"name": "34143",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34143"
},
{
"name": "52849",
"refsource": "OSVDB",
"url": "http://osvdb.org/52849"
},
{
"name": "20090316 HP Laserjet multiple models web management CSRF vulnerability \u0026 insecure default configuration",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/501884/100/0/threaded"
},
{
"name": "http://www.louhinetworks.fi/advisory/HP_20090317.txt",
"refsource": "MISC",
"url": "http://www.louhinetworks.fi/advisory/HP_20090317.txt"
},
{
"name": "52847",
"refsource": "OSVDB",
"url": "http://osvdb.org/52847"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-0940",
"datePublished": "2009-03-18T20:35:00",
"dateReserved": "2009-03-18T00:00:00",
"dateUpdated": "2024-08-07T04:57:17.078Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-0941 (GCVE-0-2009-0941)
Vulnerability from nvd – Published: 2009-03-18 20:35 – Updated: 2024-08-07 04:57
VLAI?
Summary
The HP Embedded Web Server (EWS) on HP LaserJet Printers, Edgeline Printers, and Digital Senders has no management password by default, which makes it easier for remote attackers to obtain access.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:57:17.352Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2009-0754",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/0754"
},
{
"name": "HPSN-2009-001",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01684566"
},
{
"name": "20090316 HP Laserjet multiple models web management CSRF vulnerability \u0026 insecure default configuration",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/501884/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.louhinetworks.fi/advisory/HP_20090317.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-03-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The HP Embedded Web Server (EWS) on HP LaserJet Printers, Edgeline Printers, and Digital Senders has no management password by default, which makes it easier for remote attackers to obtain access."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2009-0754",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/0754"
},
{
"name": "HPSN-2009-001",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01684566"
},
{
"name": "20090316 HP Laserjet multiple models web management CSRF vulnerability \u0026 insecure default configuration",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/501884/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.louhinetworks.fi/advisory/HP_20090317.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0941",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The HP Embedded Web Server (EWS) on HP LaserJet Printers, Edgeline Printers, and Digital Senders has no management password by default, which makes it easier for remote attackers to obtain access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2009-0754",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0754"
},
{
"name": "HPSN-2009-001",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01684566"
},
{
"name": "20090316 HP Laserjet multiple models web management CSRF vulnerability \u0026 insecure default configuration",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/501884/100/0/threaded"
},
{
"name": "http://www.louhinetworks.fi/advisory/HP_20090317.txt",
"refsource": "MISC",
"url": "http://www.louhinetworks.fi/advisory/HP_20090317.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-0941",
"datePublished": "2009-03-18T20:35:00",
"dateReserved": "2009-03-18T00:00:00",
"dateUpdated": "2024-08-07T04:57:17.352Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-4419 (GCVE-0-2008-4419)
Vulnerability from nvd – Published: 2009-02-05 00:00 – Updated: 2024-08-07 10:17
VLAI?
Summary
Directory traversal vulnerability in the HP JetDirect web administration interface in the HP-ChaiSOE 1.0 embedded web server on the LaserJet 9040mfp, LaserJet 9050mfp, and Color LaserJet 9500mfp before firmware 08.110.9; LaserJet 4345mfp and 9200C Digital Sender before firmware 09.120.9; Color LaserJet 4730mfp before firmware 46.200.9; LaserJet 2410, LaserJet 2420, and LaserJet 2430 before firmware 20080819 SPCL112A; LaserJet 4250 and LaserJet 4350 before firmware 20080819 SPCL015A; and LaserJet 9040 and LaserJet 9050 before firmware 20080819 SPCL110A allows remote attackers to read arbitrary files via directory traversal sequences in the URI.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:17:09.295Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "33779",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33779"
},
{
"name": "33611",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/33611"
},
{
"name": "20090204 DDIVRT-2008-19 HP JetDirect Web Administration Directory Traversal",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/500657/100/0/threaded"
},
{
"name": "1021687",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1021687"
},
{
"name": "ADV-2009-0341",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/0341"
},
{
"name": "SSRT080166",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01623905"
},
{
"name": "HPSBPI02398",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01623905"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-02-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the HP JetDirect web administration interface in the HP-ChaiSOE 1.0 embedded web server on the LaserJet 9040mfp, LaserJet 9050mfp, and Color LaserJet 9500mfp before firmware 08.110.9; LaserJet 4345mfp and 9200C Digital Sender before firmware 09.120.9; Color LaserJet 4730mfp before firmware 46.200.9; LaserJet 2410, LaserJet 2420, and LaserJet 2430 before firmware 20080819 SPCL112A; LaserJet 4250 and LaserJet 4350 before firmware 20080819 SPCL015A; and LaserJet 9040 and LaserJet 9050 before firmware 20080819 SPCL110A allows remote attackers to read arbitrary files via directory traversal sequences in the URI."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "33779",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33779"
},
{
"name": "33611",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/33611"
},
{
"name": "20090204 DDIVRT-2008-19 HP JetDirect Web Administration Directory Traversal",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/500657/100/0/threaded"
},
{
"name": "1021687",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1021687"
},
{
"name": "ADV-2009-0341",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/0341"
},
{
"name": "SSRT080166",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01623905"
},
{
"name": "HPSBPI02398",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01623905"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4419",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the HP JetDirect web administration interface in the HP-ChaiSOE 1.0 embedded web server on the LaserJet 9040mfp, LaserJet 9050mfp, and Color LaserJet 9500mfp before firmware 08.110.9; LaserJet 4345mfp and 9200C Digital Sender before firmware 09.120.9; Color LaserJet 4730mfp before firmware 46.200.9; LaserJet 2410, LaserJet 2420, and LaserJet 2430 before firmware 20080819 SPCL112A; LaserJet 4250 and LaserJet 4350 before firmware 20080819 SPCL015A; and LaserJet 9040 and LaserJet 9050 before firmware 20080819 SPCL110A allows remote attackers to read arbitrary files via directory traversal sequences in the URI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "33779",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33779"
},
{
"name": "33611",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33611"
},
{
"name": "20090204 DDIVRT-2008-19 HP JetDirect Web Administration Directory Traversal",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/500657/100/0/threaded"
},
{
"name": "1021687",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021687"
},
{
"name": "ADV-2009-0341",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0341"
},
{
"name": "SSRT080166",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01623905"
},
{
"name": "HPSBPI02398",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01623905"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-4419",
"datePublished": "2009-02-05T00:00:00",
"dateReserved": "2008-10-03T00:00:00",
"dateUpdated": "2024-08-07T10:17:09.295Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}