Cross-Site Request Forgery Vulnerability in HP DeskJet Printers
CVE-2019-6319

8.1HIGH

Key Information:

Vendor

HP
Status
HP Deskjet 3630 All-in-one Printer Series
Vendor
CVE Published:
9 January 2020

What is CVE-2019-6319?

HP DeskJet 3630 All-in-One Printers exhibiting certain models are affected by a Cross-Site Request Forgery (CSRF) vulnerability, allowing attackers to exploit this weakness to perform unauthorized actions. This could lead to significant outcomes such as denial of service or misconfiguration of the device settings. Printers running firmware version SWP1FN1912BR or newer are particularly at risk, emphasizing the importance of patching and securing devices to safeguard against potential exploits.

Affected Version(s)

HP DeskJet 3630 All-in-One Printer series F5S43A - F5S57A

HP DeskJet 3630 All-in-One Printer series K4T93A - K4T99C

HP DeskJet 3630 All-in-One Printer series K4U00B - K4U03B

References

https://support.hp.com/us-en/document/c06308143
x_refsource_CONFIRM

CVSS V3.1

Score:
8.1
Severity:
HIGH
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.