The remote upgrade capability in HP LaserJet 4200 and 4300 printers does not require a password, which allows remote attackers to upgrade firmware.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Color_laserjet | Hp | 4650 (including) | 4650 (including) |
| Color_laserjet | Hp | 5500 (including) | 5500 (including) |
| Color_laserjet | Hp | 5550 (including) | 5550 (including) |
| Color_laserjet_4600 | Hp | * | * |
| Laserjet_2500 | Hp | * | * |
| Laserjet_3000 | Hp | * | * |
| Laserjet_3700 | Hp | * | * |
| Laserjet_4100_mfp | Hp | * | * |
| Laserjet_4200 | Hp | * | * |
| Laserjet_4300 | Hp | * | * |
| Laserjet_9000 | Hp | * | * |
| Laserjet_9000_mfp | Hp | * | * |
| Laserjet_9040_mpf | Hp | * | * |
| Laserjet_9050 | Hp | * | * |
| Laserjet_9050_mpf | Hp | * | * |
| Laserjet_9055 | Hp | * | * |
| Laserjet_9065 | Hp | * | * |
| Laserjet_9500 | Hp | * | * |
| Laserjet_9500_mpf | Hp | * | * |
References
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=PSD_HPSBPI01085
- http://securitytracker.com/id?1011671
- http://www.securityfocus.com/bid/11297
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17634
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=PSD_HPSBPI01085
- http://securitytracker.com/id?1011671
- http://www.securityfocus.com/bid/11297
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17634