CVE-2009-0940

Currently unrated

Key Information:

Vendor: HP
Status: Laserjet P4010; Laserjet 2600n; Color Laserjet 4370mfp; Laserjet 4200
Vendor: CVE Published:; 18 March 2009

Summary

Multiple cross-site request forgery (CSRF) vulnerabilities in the HP Embedded Web Server (EWS) on HP LaserJet Printers, Edgeline Printers, and Digital Senders allow remote attackers to hijack the intranet connectivity of arbitrary users for requests that (1) print documents via unknown vectors, (2) modify the network configuration via a NetIPChange request to hp/device/config_result_YesNo.html/config, or (3) change the password via the Password and ConfirmPassword parameters to hp/device/set_config_password.html/config.

References

http://www.vupen.com/english/advisories/2009/0754

vdb-entryx_refsource_VUPEN

http://h20000.www2.hp.com/bizsupport/TechSupport/Document...

vendor-advisoryx_refsource_HP

http://osvdb.org/52848

vdb-entryx_refsource_OSVDB

Timeline

Vulnerability published
Mar 18, 2009
Vulnerability Reserved
Mar 18, 2009