Cross-Site Request Forgery in HP Embedded Web Server on HP Printers and Digital Senders
CVE-2009-0940
Currently unrated
Key Information:
- Vendor
HP
- Vendor
- CVE Published:
- 18 March 2009
What is CVE-2009-0940?
The HP Embedded Web Server (EWS) on various HP LaserJet Printers, Edgeline Printers, and Digital Senders is susceptible to multiple cross-site request forgery vulnerabilities. Attackers can exploit these weaknesses to perform unauthorized actions on behalf of users. Specifically, they may print documents through unknown vectors, alter network configurations via a specific NetIPChange request, or manipulate user passwords using the Password and ConfirmPassword fields. This creates opportunities for unauthorized access and control over printer settings and user credentials.