Описание
Multiple cross-site request forgery (CSRF) vulnerabilities in the HP Embedded Web Server (EWS) on HP LaserJet Printers, Edgeline Printers, and Digital Senders allow remote attackers to hijack the intranet connectivity of arbitrary users for requests that (1) print documents via unknown vectors, (2) modify the network configuration via a NetIPChange request to hp/device/config_result_YesNo.html/config, or (3) change the password via the Password and ConfirmPassword parameters to hp/device/set_config_password.html/config.
Ссылки
- Vendor Advisory
- Exploit
- Vendor Advisory
- Exploit
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:h:hp:8100c_digital_sender:-:*:*:*:*:*:*:*
cpe:2.3:h:hp:9100c_digital_sender:-:*:*:*:*:*:*:*
cpe:2.3:h:hp:9200c_digital_sender:-:*:*:*:*:*:*:*
cpe:2.3:h:hp:9250c_digital_sender:-:*:*:*:*:*:*:*
cpe:2.3:h:hp:color_laserjet:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:color_laserjet_1500:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:color_laserjet_2500:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:color_laserjet_2500l:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:color_laserjet_2500lse:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:color_laserjet_2500n:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:color_laserjet_2500tn:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:color_laserjet_2605dtn:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:color_laserjet_4370mfp:20081211_46.211.2:*:*:*:*:*:*:*
cpe:2.3:h:hp:color_laserjet_4600:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:color_laserjet_4600dn:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:color_laserjet_4600dtn:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:color_laserjet_4600hdn:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:color_laserjet_4650:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:color_laserjet_4700:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:color_laserjet_4730_mfp:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:color_laserjet_5500:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:color_laserjet_5550:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:color_laserjet_8500:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:color_laserjet_8550:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:color_laserjet_9500:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:color_laserjet_9500_mfp:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:color_laserjet_9500mfp:20070719_05.011.2:*:*:*:*:*:*:*
cpe:2.3:h:hp:color_mfp_cm8050:-:-:edgeline:*:*:*:*:*
cpe:2.3:h:hp:color_mfp_cm8060:-:-:edgeline:*:*:*:*:*
cpe:2.3:h:hp:digital_senders:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:edgeline_printers:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_1000:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_1005:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_1010:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_1012:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_1015:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_1018:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_1018s:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_1020:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_1020_plus:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_1022:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_1022n:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_1022nw:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_1100:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_1150:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_1160:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_1200:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_1300:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_1320:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_2:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_2000:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_2100:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_2200:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_2200dtn:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_2300:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_2300dn:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_2400:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_2410:20070410_08.112.3:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_2420:20070410_08.112.3:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_2430:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_2430:20070410_08.112.3:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_2500:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_2500c:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_2600c:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_2600n:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_3000:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_3700:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_4:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_4\/4m:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_4_plus\/m_plus:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_4000:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_4000n:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_4050:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_4100:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_4100_mfp:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_4100mfp:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_4200:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_4200dtn:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_4200ln:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_4240:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_4240n:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_4250:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_4250:20080319_08.015.0:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_4300:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_4345_mfp:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_4345mfp:20081211_09.131.1:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_4350:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_4350:20080319_08.015.0:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_4350dtn:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_4650dn:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_4l\/ml:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_4m_plus:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_4p\/mp:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_4si:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_4v\/mv:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_5:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_5\/m\/n:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_500_plus:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_5000:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_5000:r.25.15:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_5000:r.25.47:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_5100:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_5100:v.29.12:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_5100dtn:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_5200:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_5l:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_5m:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_5p\/mp:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_5si:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_8000:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_8100:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_8150:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_8150dn:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_9000:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_9000_mfp:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_9000mfp:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_9040:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_9040:20080204_08.110.0:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_9040mfp:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_9040mfp:20080204_08.110.0:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_9050:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_9050:20080204_08.110.0:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_9050_mfp:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_9050mfp:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_9050mfp:20080204_08.110.0:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_9055:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_9065:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_9500:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_9500mfp:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_ii:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_iid:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_iii:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_iiid:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_iiip:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_iiisi:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_iip:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_iip_plus:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_m1522n_mfp:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_m3027_mfp:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_m3035_mfp:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_m4345_mfp:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_m5025_mfp:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_m5035_mfp:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_p1000:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_p1005:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_p1006:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_p1007:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_p1008:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_p1009:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_p1500:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_p1505:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_p1505n:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_p2000:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_p2010:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_p2015:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_p2030:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_p2050:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_p3000:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_p3005:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_p4010:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_p4014:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_p4015:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_p4500:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_p4510:*:*:*:*:*:*:*:*
EPSS
Процентиль: 74%
0.00837
Низкий
5.1 Medium
CVSS2
Дефекты
CWE-352
Связанные уязвимости
github
почти 4 года назад
Multiple cross-site request forgery (CSRF) vulnerabilities in the HP Embedded Web Server (EWS) on HP LaserJet Printers, Edgeline Printers, and Digital Senders allow remote attackers to hijack the intranet connectivity of arbitrary users for requests that (1) print documents via unknown vectors, (2) modify the network configuration via a NetIPChange request to hp/device/config_result_YesNo.html/config, or (3) change the password via the Password and ConfirmPassword parameters to hp/device/set_config_password.html/config.
EPSS
Процентиль: 74%
0.00837
Низкий
5.1 Medium
CVSS2
Дефекты
CWE-352