Sign-up

ID

VAR-201310-0801


TITLE

HP LaserJet Pro Printer Remote Administrator Password Disclosure Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2013-13873

DESCRIPTION

HP is the world's leading high-tech provider, offering a full line of notebooks, desktops, workstations and more. Some networked HP laser printers contain hard-coded URLs in the firmware. These URLs (for example: http://ip_address/dev/save_restore.xml, http://ip_address:8080/IoMgmt/Adapters/wifi0/WPS/Pin) can be accessed without authentication. Then get the plain text administrator password and other information such as WiFi settings.

Trust: 0.6

sources: CNVD: CNVD-2013-13873

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2013-13873

AFFECTED PRODUCTS

vendor:hpmodel:laserjet pro p1606dn printerscope: - version: -

Trust: 0.6

vendor:hpmodel:laserjet pro p1102wscope: - version: -

Trust: 0.6

vendor:hpmodel:laserjet pro m1218nfs mfpscope: - version: -

Trust: 0.6

vendor:hpmodel:laserjet pro m1217nfw mfpscope: - version: -

Trust: 0.6

vendor:hpmodel:laserjet pro m1216nfh mfpscope: - version: -

Trust: 0.6

vendor:hpmodel:laserjet pro m1214nfh mfpscope: - version: -

Trust: 0.6

vendor:hpmodel:laserjet pro m1213nf mfpscope: - version: -

Trust: 0.6

vendor:hpmodel:laserjet pro m1212nf mfpscope: - version: -

Trust: 0.6

vendor:hpmodel:laserjet pro cp1025nwscope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2013-13873

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2013-13873
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2013-13873
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2013-13873

PATCH

title:Patch for HP LaserJet Pro Printer Remote Administrator Password Disclosure Vulnerabilityurl:https://www.cnvd.org.cn/patchinfo/show/40388

Trust: 0.6

sources: CNVD: CNVD-2013-13873

EXTERNAL IDS

db:CNVDid:CNVD-2013-13873

Trust: 0.6

sources: CNVD: CNVD-2013-13873

REFERENCES

url:http://seclists.org/bugtraq/2013/aug/28

Trust: 0.6

url:http://sekurak.pl/hp-laserjet-pro-printers-remote-admin-password-extraction/

Trust: 0.6

sources: CNVD: CNVD-2013-13873

SOURCES

db:CNVDid:CNVD-2013-13873

LAST UPDATE DATE

2022-05-04T09:24:06.155000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2013-13873date:2013-10-23T00:00:00

SOURCES RELEASE DATE

db:CNVDid:CNVD-2013-13873date:2013-10-23T00:00:00