Home
Bugtraq
Full List
Only Bugs
Only Tricks
Only Exploits
Only Dorks
Only CVE
Only CWE
Fake Notes
Ranking
CVEMAP
Full List
Show Vendors
Show Products
CWE Dictionary
Check CVE Id
Check CWE Id
Search
Bugtraq
CVEMAP
By author
CVE Id
CWE Id
By vendors
By products
RSS
Bugtraq
CVEMAP
CVE Products
Bugs
Exploits
Dorks
More
cIFrex
Facebook
Twitter
Donate
About
Submit
Vulnerability
CVE-2009-0941
Published:
2009-03-18
Modified:
2012-02-13
Description:
The HP Embedded Web Server (EWS) on HP LaserJet Printers, Edgeline Printers, and Digital Senders has no management password by default, which makes it easier for remote attackers to obtain access.
See advisories in our WLB2 database:
Topic
Author
Date
Med.
HP Laserjet multiple models web management CSRF
Henri Lindberg
18.03.2009
Type:
CWE-264
(Permissions, Privileges, and Access Controls)
CVSS2
=> (AV:N/AC:H/Au:N/C:C/I:C/A:C)
CVSS Base Score
Impact Subscore
Exploitability Subscore
7.6/10
10/10
4.9/10
Exploit range
Attack complexity
Authentication
Remote
High
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
HP
->
Laserjet 2600n
HP
->
Laserjet 4250
HP
->
Laserjet 500 plus
HP
->
Laserjet 9040mfp
HP
->
Laserjet m1522n mfp
HP
->
Laserjet p2010
HP
->
Color laserjet 4600dtn
HP
->
Laserjet 1000
HP
->
Laserjet 1300
HP
->
Laserjet 3000
HP
->
Laserjet 4300
HP
->
Laserjet 5100
HP
->
Laserjet 9050
HP
->
Laserjet m3027 mfp
HP
->
Laserjet p2015
HP
->
8100c digital sender
HP
->
Color laserjet 4600hdn
HP
->
Laserjet 1005
HP
->
Laserjet 1320
HP
->
Laserjet 3700
HP
->
Laserjet 4345 mfp
HP
->
Laserjet 5100dtn
HP
->
Laserjet 9050 mfp
HP
->
Laserjet m3035 mfp
HP
->
Laserjet p2030
HP
->
9100c digital sender
HP
->
Color laserjet 4650
HP
->
Laserjet 1010
HP
->
Laserjet 2
HP
->
Laserjet 4
HP
->
Laserjet 4345mfp
HP
->
Laserjet 5200
HP
->
Laserjet 9050mfp
HP
->
Laserjet m4345 mfp
HP
->
Laserjet p2050
HP
->
9200c digital sender
HP
->
Color laserjet 4700
HP
->
Laserjet 1012
HP
->
Laserjet 2000
HP
->
Laserjet 4/4m
HP
->
Laserjet 4350
HP
->
Laserjet 5l
HP
->
Laserjet 9055
HP
->
Laserjet m5025 mfp
HP
->
Laserjet p3000
HP
->
9250c digital sender
HP
->
Color laserjet 4730 mfp
HP
->
Laserjet 1015
HP
->
Laserjet 2100
HP
->
Laserjet 4000
HP
->
Laserjet 4350dtn
HP
->
Laserjet 5m
HP
->
Laserjet 9065
HP
->
Laserjet m5035 mfp
HP
->
Laserjet p3005
HP
->
Color laserjet
HP
->
Color laserjet 5500
HP
->
Laserjet 1018
HP
->
Laserjet 2200
HP
->
Laserjet 4000n
HP
->
Laserjet 4650dn
HP
->
Laserjet 5p/mp
HP
->
Laserjet 9500
HP
->
Laserjet p1000
HP
->
Laserjet p4010
HP
->
Color laserjet 1500
HP
->
Color laserjet 5550
HP
->
Laserjet 1018s
HP
->
Laserjet 2200dtn
HP
->
Laserjet 4050
HP
->
Laserjet 4 plus/m plus
HP
->
Laserjet 5si
HP
->
Laserjet 9500mfp
HP
->
Laserjet p1005
HP
->
Laserjet p4014
HP
->
Color laserjet 2500
HP
->
Color laserjet 8500
HP
->
Laserjet 1020
HP
->
Laserjet 2300
HP
->
Laserjet 4100
HP
->
Laserjet 4l/ml
HP
->
Laserjet 8000
HP
->
Laserjet ii
HP
->
Laserjet p1006
HP
->
Laserjet p4015
HP
->
Color laserjet 2500l
HP
->
Color laserjet 8550
HP
->
Laserjet 1020 plus
HP
->
Laserjet 2300dn
HP
->
Laserjet 4100 mfp
HP
->
Laserjet 4m plus
HP
->
Laserjet 8100
HP
->
Laserjet iid
HP
->
Laserjet p1007
HP
->
Laserjet p4500
HP
->
Color laserjet 2500lse
HP
->
Color laserjet 9500
HP
->
Laserjet 1022
HP
->
Laserjet 2400
HP
->
Laserjet 4100mfp
References:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01684566
http://www.louhinetworks.fi/advisory/HP_20090317.txt
http://www.securityfocus.com/archive/1/501884/100/0/threaded
http://www.vupen.com/english/advisories/2009/0754
closedb(); ?>
Copyright
2024
, cxsecurity.com
Back to Top