HackDig : Dig high-quality web security articles for hacker

Vulnerabilities in HP LaserJet

2015-01-29 06:00

Hello list!

There are Information Leakage and Insufficient Authorization vulnerabilities in HP LaserJet. Vulnerabilities are in control panel of HP network MFP and printers. Earlier I informed HP about it.

You can read articles in BBC (http://seclists.org/fulldisclosure/2014/Dec/98) and Global Voices (http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/2014-December/009067.html) about my attacks on network printers of terrorists in Eastern Ukraine and in Russia.

Affected products:

Vulnerable are HP network MFP and printers with firmware 20130415 and previous versions. Such as in LaserJet 400 MFP M425dn and HP LaserJet M1522n MFP.


Information Leakage (WASC-13):


There is access without authorization to information about all settings of the printer (read only, but it's possible to find printers with possibility to change settings).

Insufficient Authorization (WASC-02):

In section "Print Information Pages" it's possible to print test documents without authorization. Thus without login and password it's possible to waste paper and cartridge of the printer.


I mentioned about these vulnerabilities at my site (http://websecurity.com.ua/7589/).

Best wishes & regards,
Administrator of Websecurity web site

Sent through the Full Disclosure mailing list
Web Archives & RSS: http://seclists.org/fulldisclosure/

Source: 811/naJ/5102/erusolcsidlluf/gro.stsilces

Read:3169 | Comments:0 | Tags:No Tag

“Vulnerabilities in HP LaserJet”0 Comments

Submit A Comment



Blog :

Verification Code:


Share high-quality web security related articles with you:)


Tag Cloud