 |
|
|
|
| Multiple HP printers unauthorized access | | Published: |  | 05.12.2011 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 12068 | | Type: |  | remote | | Level: |  | 7/10 | | Description: |  | Remote Firmware Update option is enabled by default and allows to replace firmware via TCP/9100. |
| CVE: |  | CVE-2011-4161 (The default configuration of the HP CM8060 Color MFP with Edgeline; Color LaserJet 3xxx, 4xxx, 5550, 9500, CMxxxx, CPxxxx, and Enterprise CPxxxx; Digital Sender 9200c and 9250c; LaserJet 4xxx, 5200, 90xx, Mxxxx, and Pxxxx; and LaserJet Enterprise 500 color M551, 600, M4555 MFP, and P3015 enables the Remote Firmware Update (RFU) setting, which allows remote attackers to execute arbitrary code by using a session on TCP port 9100 to upload a crafted firmware update.) |
|
|
|
|
|
|
|
|
