ID CVE-2013-4807
Summary Unspecified vulnerability on the HP LaserJet Pro P1102w, P1606dn, M1212nf MFP, M1213nf MFP, M1214nfh MFP, M1216nfh MFP, M1217nfw MFP, M1218nfs MFP, and CP1025nw with firmware before 2013-07-26 20130703 allows remote attackers to modify data via unknown vectors.
References
Vulnerable Configurations
  • cpe:2.3:h:hp:laserjet_pro_cp1025nw_firmware:20130703
    cpe:2.3:h:hp:laserjet_pro_cp1025nw_firmware:20130703
  • HP LaserJet Pro CP1025nw CE914A
    cpe:2.3:h:hp:laserjet_pro_cp1025nw:ce914a
  • HP LaserJet Pro CP1025nw CE918A
    cpe:2.3:h:hp:laserjet_pro_cp1025nw:ce918a
  • cpe:2.3:h:hp:laserjet_pro_m1214nfh_mfp_firmware:20130703
    cpe:2.3:h:hp:laserjet_pro_m1214nfh_mfp_firmware:20130703
  • cpe:2.3:h:hp:laserjet_pro_m1214nfh_mfp:ce842a
    cpe:2.3:h:hp:laserjet_pro_m1214nfh_mfp:ce842a
  • cpe:2.3:h:hp:laserjet_pro_p1606dn_firmware:20130212
    cpe:2.3:h:hp:laserjet_pro_p1606dn_firmware:20130212
  • HP LaserJet Pro P1606dn CE749A
    cpe:2.3:h:hp:laserjet_pro_p1606dn:ce749a
  • cpe:2.3:h:hp:laserjet_pro_m1216nfh_multifunction_printer_firmware:20130703
    cpe:2.3:h:hp:laserjet_pro_m1216nfh_multifunction_printer_firmware:20130703
  • cpe:2.3:h:hp:laserjet_pro_m1216nfh_multifunction_printer:ce843a
    cpe:2.3:h:hp:laserjet_pro_m1216nfh_multifunction_printer:ce843a
  • cpe:2.3:h:hp:laserjet_pro_m1213nf_mfp_firmware:20130703
    cpe:2.3:h:hp:laserjet_pro_m1213nf_mfp_firmware:20130703
  • HP LaserJet Pro M1213nf MFP CE845A
    cpe:2.3:h:hp:laserjet_pro_m1213nf_mfp:ce845a
  • cpe:2.3:h:hp:laserjet_pro_m1212nf_mfp_firmware:20130703
    cpe:2.3:h:hp:laserjet_pro_m1212nf_mfp_firmware:20130703
  • HP LaserJet Pro M1212nf MFP CE841A
    cpe:2.3:h:hp:laserjet_pro_m1212nf_mfp:ce841a
  • cpe:2.3:h:hp:laserjet_pro_m1217nfw_multifunction_printer_firmware:20130703
    cpe:2.3:h:hp:laserjet_pro_m1217nfw_multifunction_printer_firmware:20130703
  • cpe:2.3:h:hp:laserjet_pro_m1217nfw_multifunction_printer:ce844a
    cpe:2.3:h:hp:laserjet_pro_m1217nfw_multifunction_printer:ce844a
  • cpe:2.3:h:hp:laserjet_pro_p1102w_firmware:20130703
    cpe:2.3:h:hp:laserjet_pro_p1102w_firmware:20130703
  • cpe:2.3:h:hp:laserjet_pro_p1102w:ce657a
    cpe:2.3:h:hp:laserjet_pro_p1102w:ce657a
  • cpe:2.3:h:hp:laserjet_pro_p1102w:ce658a
    cpe:2.3:h:hp:laserjet_pro_p1102w:ce658a
  • cpe:2.3:h:hp:hotspot_laserjet_pro_m1218nfs_mfp_firmware:20130703
    cpe:2.3:h:hp:hotspot_laserjet_pro_m1218nfs_mfp_firmware:20130703
  • cpe:2.3:h:hp:hotspot_laserjet_pro_m1218nfs_mfp:b4k88a
    cpe:2.3:h:hp:hotspot_laserjet_pro_m1218nfs_mfp:b4k88a
CVSS
Base: 7.8 (as of 02-08-2013 - 19:45)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE COMPLETE NONE
nessus via4
  • NASL family CGI abuses
    NASL id HP_LASERJETPRO_IOMGMTADAPTERS_WPS_PIN_DISC.NASL
    description The remote HP LaserJet Pro printer is affected by an information disclosure vulnerability. The file '/IoMgmt/Adapters/wifi0/WPS/Pin' contains the 'Wi-Fi Protected Security' (WPS) PIN. This information can be used by an attacker in further attacks.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 69282
    published 2013-08-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=69282
    title HP LaserJet Pro /IoMgmt/Adapters/wifi0/WPS/Pin WPS PIN Disclosure
  • NASL family CGI abuses
    NASL id HP_LASERJETPRO_SAVERESTORE_PWD_DISCLOSURE.NASL
    description The remote HP LaserJet Pro printer is affected by an information disclosure vulnerability. The file '/dev/save_restore.xml' contains a hexadecimal representation of the administrative password. This information can be used by an attacker in further attacks.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 69283
    published 2013-08-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=69283
    title HP LaserJet Pro /dev/save_restore.xml Administrative Password Disclosure
refmap via4
bid 61565
hp
  • HPSBPI02887
  • SSRT101181
osvdb 95907
sectrack 1028869
xf hp-laserjet-cve20134807-unauth-access(86178)
the hacker news via4
id THN:C5083F6355E94037C2C5E53249062440
last seen 2017-01-08
modified 2013-08-06
published 2013-08-06
reporter Mohit Kumar
source http://thehackernews.com/2013/08/hacking-HP-printers-Vulnerability-wifi-password.html
title HP LaserJet Pro Printers remotely exploitable to gain unauthorized access to Wi-Fi and Printer Data
Last major update 22-08-2013 - 02:54
Published 05-08-2013 - 09:22
Last modified 28-08-2017 - 21:33
Back to Top