Insecure Default Configuration in HP LaserJet Printers and Digital Senders
CVE-2009-0941

Currently unrated

Key Information:

Vendor: HP
Status: Laserjet P4010; Laserjet 2600n; Color Laserjet 4370mfp; Laserjet 4200
Vendor: CVE Published:; 18 March 2009

Summary

The HP Embedded Web Server (EWS) on various HP LaserJet Printers, Edgeline Printers, and Digital Senders lacks a management password by default, allowing remote attackers to easily gain unauthorized access. This inadequately secured configuration can lead to potential exploitation by malicious users, thereby compromising sensitive information and the printer’s operational integrity.

References

http://www.vupen.com/english/advisories/2009/0754

vdb-entryx_refsource_VUPEN

http://h20000.www2.hp.com/bizsupport/TechSupport/Document...

vendor-advisoryx_refsource_HP

http://www.securityfocus.com/archive/1/501884/100/0/threaded

mailing-listx_refsource_BUGTRAQ

Timeline

Vulnerability published
Mar 18, 2009
Vulnerability Reserved
Mar 18, 2009