Cross-Site Request Forgery in HP Embedded Web Server on HP Printers and Digital Senders
CVE-2009-0940

Currently unrated

Key Information:

Vendor

HP
Status
Laserjet P4010
Laserjet 2600n
Color Laserjet 4370mfp
Laserjet 4200
Vendor
CVE Published:
18 March 2009

What is CVE-2009-0940?

The HP Embedded Web Server (EWS) on various HP LaserJet Printers, Edgeline Printers, and Digital Senders is susceptible to multiple cross-site request forgery vulnerabilities. Attackers can exploit these weaknesses to perform unauthorized actions on behalf of users. Specifically, they may print documents through unknown vectors, alter network configurations via a specific NetIPChange request, or manipulate user passwords using the Password and ConfirmPassword fields. This creates opportunities for unauthorized access and control over printer settings and user credentials.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://www.vupen.com/english/advisories/2009/0754
vdb-entryx_refsource_VUPEN
http://h20000.www2.hp.com/bizsupport/TechSupport/Document...
vendor-advisoryx_refsource_HP
http://osvdb.org/52848
vdb-entryx_refsource_OSVDB

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.