CVE-2009-0940 - OpenCVE

Multiple cross-site request forgery (CSRF) vulnerabilities in the HP Embedded Web Server (EWS) on HP LaserJet Printers, Edgeline Printers, and Digital Senders allow remote attackers to hijack the intranet connectivity of arbitrary users for requests that (1) print documents via unknown vectors, (2) modify the network configuration via a NetIPChange request to hp/device/config_result_YesNo.html/config, or (3) change the password via the Password and ConfirmPassword parameters to hp/device/set_config_password.html/config.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:H/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Hp	Laserjet 1015 Laserjet Ii Laserjet 2200dtn 9200c Digital Sender Laserjet 1018s Edgeline Printers Laserjet 5 Laserjet 5100 Laserjet P2050 Color Laserjet 4730 Mfp Color Laserjet 8550 Laserjet 5200 8100c Digital Sender Laserjet 9040mfp Laserjet 1018 Color Laserjet 5500 Laserjet 2500 Laserjet 3700 Laserjet 1200 Laserjet P4510 Laserjet P1505n Laserjet 4250 Laserjet 2600n Laserjet Iiip Color Laserjet 4700 Laserjet 9065 Laserjet 4100 Mfp Laserjet 2200 Laserjet P2000 Laserjet M4345 Mfp Laserjet 8100 Laserjet 1160 Laserjet 4m Plus Laserjet Iii Color Laserjet 4600 Laserjet 9050 Mfp Laserjet 9055 Laserjet Iid Color Laserjet 9500mfp Digital Senders Laserjet Iiid Color Laserjet 5550 Laserjet 5m Color Laserjet 4600dn Laserjet 1005 Laserjet 5si Laserjet 9050mfp Laserjet 4v\/mv Laserjet 4p\/mp Laserjet 2300dn Laserjet 4100 Laserjet P1008 Laserjet P1009 Laserjet 4200 9250c Digital Sender Laserjet 8000 Laserjet P3005 Laserjet P4015 Laserjet P4500 Laserjet P1505 Laserjet 4\/4m Laserjet 9000mfp Laserjet 1150 Laserjet P1006 Laserjet 1300 Laserjet 2100 Laserjet 1000 Laserjet 9000 Mfp Laserjet P3000 Laserjet 1020 Plus Laserjet M3035 Mfp Laserjet 2400 Color Laserjet 4650 Laserjet P1007 Laserjet 2430 Color Laserjet 8500 Laserjet 9050 Laserjet 4si Laserjet 4200dtn Color Mfp Cm8050 Laserjet 1010 Laserjet 1022n Laserjet 4240 Laserjet 4650dn Color Laserjet 4370mfp Laserjet 4000 Color Laserjet 1500 Laserjet P4014 Color Laserjet Laserjet 2000 Laserjet 2300 Color Laserjet 2500tn Color Laserjet 9500 Laserjet Iip Plus Laserjet 9040 Laserjet P4010 Laserjet 4 Laserjet 2600c Laserjet 500 Plus Laserjet Iip Laserjet 1022nw Laserjet 5\/m\/n Laserjet 9500 Laserjet 4200ln Color Laserjet 2500 Laserjet P2015 Color Laserjet 2500n Laserjet P2010 Laserjet 8150 Laserjet 3000 Laserjet M5025 Mfp Laserjet M5035 Mfp Laserjet P2030 Color Laserjet 4600hdn Color Laserjet 9500 Mfp Laserjet 4345mfp Laserjet M1522n Mfp Laserjet 4300 Color Laserjet 2500lse Laserjet 5000 Laserjet P1500 Laserjet 1022 Laserjet 2 Laserjet 4000n Laserjet 1320 Laserjet 1020 Laserjet M3027 Mfp Color Laserjet 2605dtn Laserjet 4050 Laserjet 2410 Laserjet 4350dtn Color Laserjet 4600dtn Color Laserjet 2500l Laserjet 4345 Mfp Laserjet Iiisi Laserjet 2500c Laserjet 4 Plus\/m Plus Color Mfp Cm8060 Laserjet 4350 Laserjet 5l Laserjet 9500mfp Laserjet 5p\/mp Laserjet 5100dtn Laserjet 2420 Laserjet 1100 Laserjet 4100mfp Laserjet 4l\/ml Laserjet 4240n 9100c Digital Sender Laserjet P1000 Laserjet 9000 Laserjet P1005 Laserjet 1012 Laserjet 8150dn

Configuration 1 [-]

OR	cpe:2.3:h:hp:8100c_digital_sender:-:::::::*
	cpe:2.3:h:hp:9100c_digital_sender:-:::::::*
	cpe:2.3:h:hp:9200c_digital_sender:-:::::::*
	cpe:2.3:h:hp:9250c_digital_sender:-:::::::*
	cpe:2.3:h:hp:color_laserjet::::::::
	cpe:2.3:h:hp:color_laserjet_1500::::::::
	cpe:2.3:h:hp:color_laserjet_2500::::::::
	cpe:2.3:h:hp:color_laserjet_2500l::::::::
	cpe:2.3:h:hp:color_laserjet_2500lse::::::::
	cpe:2.3:h:hp:color_laserjet_2500n::::::::
	cpe:2.3:h:hp:color_laserjet_2500tn::::::::
	cpe:2.3:h:hp:color_laserjet_2605dtn::::::::
	cpe:2.3:h:hp:color_laserjet_4370mfp:20081211_46.211.2:::::::*
	cpe:2.3:h:hp:color_laserjet_4600::::::::
	cpe:2.3:h:hp:color_laserjet_4600dn::::::::
	cpe:2.3:h:hp:color_laserjet_4600dtn::::::::
	cpe:2.3:h:hp:color_laserjet_4600hdn::::::::
	cpe:2.3:h:hp:color_laserjet_4650::::::::
	cpe:2.3:h:hp:color_laserjet_4700::::::::
	cpe:2.3:h:hp:color_laserjet_4730_mfp::::::::
	cpe:2.3:h:hp:color_laserjet_5500::::::::
	cpe:2.3:h:hp:color_laserjet_5550::::::::
	cpe:2.3:h:hp:color_laserjet_8500::::::::
	cpe:2.3:h:hp:color_laserjet_8550::::::::
	cpe:2.3:h:hp:color_laserjet_9500::::::::
	cpe:2.3:h:hp:color_laserjet_9500_mfp::::::::
	cpe:2.3:h:hp:color_laserjet_9500mfp:20070719_05.011.2:::::::*
	cpe:2.3:h:hp:color_mfp_cm8050:-:-:edgeline:::::*
	cpe:2.3:h:hp:color_mfp_cm8060:-:-:edgeline:::::*
	cpe:2.3:h:hp:digital_senders::::::::
	cpe:2.3:h:hp:edgeline_printers::::::::
	cpe:2.3:h:hp:laserjet_1000::::::::
	cpe:2.3:h:hp:laserjet_1005::::::::
	cpe:2.3:h:hp:laserjet_1010::::::::
	cpe:2.3:h:hp:laserjet_1012::::::::
	cpe:2.3:h:hp:laserjet_1015::::::::
	cpe:2.3:h:hp:laserjet_1018::::::::
	cpe:2.3:h:hp:laserjet_1018s::::::::
	cpe:2.3:h:hp:laserjet_1020::::::::
	cpe:2.3:h:hp:laserjet_1020_plus::::::::
	cpe:2.3:h:hp:laserjet_1022::::::::
	cpe:2.3:h:hp:laserjet_1022n::::::::
	cpe:2.3:h:hp:laserjet_1022nw::::::::
	cpe:2.3:h:hp:laserjet_1100::::::::
	cpe:2.3:h:hp:laserjet_1150::::::::
	cpe:2.3:h:hp:laserjet_1160::::::::
	cpe:2.3:h:hp:laserjet_1200::::::::
	cpe:2.3:h:hp:laserjet_1300::::::::
	cpe:2.3:h:hp:laserjet_1320::::::::
	cpe:2.3:h:hp:laserjet_2::::::::
	cpe:2.3:h:hp:laserjet_2000::::::::
	cpe:2.3:h:hp:laserjet_2100::::::::
	cpe:2.3:h:hp:laserjet_2200::::::::
	cpe:2.3:h:hp:laserjet_2200dtn::::::::
	cpe:2.3:h:hp:laserjet_2300::::::::
	cpe:2.3:h:hp:laserjet_2300dn::::::::
	cpe:2.3:h:hp:laserjet_2400::::::::
	cpe:2.3:h:hp:laserjet_2410:20070410_08.112.3:::::::*
	cpe:2.3:h:hp:laserjet_2420:20070410_08.112.3:::::::*
	cpe:2.3:h:hp:laserjet_2430::::::::
	cpe:2.3:h:hp:laserjet_2430:20070410_08.112.3:::::::*
	cpe:2.3:h:hp:laserjet_2500::::::::
	cpe:2.3:h:hp:laserjet_2500c::::::::
	cpe:2.3:h:hp:laserjet_2600c::::::::
cpe:2.3:h:hp:laserjet_2600n::::::::
cpe:2.3:h:hp:laserjet_3000::::::::
cpe:2.3:h:hp:laserjet_3700::::::::
cpe:2.3:h:hp:laserjet_4::::::::
cpe:2.3:h:hp:laserjet_4\/4m::::::::
cpe:2.3:h:hp:laserjet_4_plus\/m_plus::::::::
cpe:2.3:h:hp:laserjet_4000::::::::
cpe:2.3:h:hp:laserjet_4000n::::::::
cpe:2.3:h:hp:laserjet_4050::::::::
cpe:2.3:h:hp:laserjet_4100::::::::
cpe:2.3:h:hp:laserjet_4100_mfp::::::::
cpe:2.3:h:hp:laserjet_4100mfp::::::::
cpe:2.3:h:hp:laserjet_4200::::::::
cpe:2.3:h:hp:laserjet_4200dtn::::::::
cpe:2.3:h:hp:laserjet_4200ln::::::::
cpe:2.3:h:hp:laserjet_4240::::::::
cpe:2.3:h:hp:laserjet_4240n::::::::
cpe:2.3:h:hp:laserjet_4250::::::::
cpe:2.3:h:hp:laserjet_4250:20080319_08.015.0:::::::*
cpe:2.3:h:hp:laserjet_4300::::::::
cpe:2.3:h:hp:laserjet_4345_mfp::::::::
cpe:2.3:h:hp:laserjet_4345mfp:20081211_09.131.1:::::::*
cpe:2.3:h:hp:laserjet_4350::::::::
cpe:2.3:h:hp:laserjet_4350:20080319_08.015.0:::::::*
cpe:2.3:h:hp:laserjet_4350dtn::::::::
cpe:2.3:h:hp:laserjet_4650dn::::::::
cpe:2.3:h:hp:laserjet_4l\/ml::::::::
cpe:2.3:h:hp:laserjet_4m_plus::::::::
cpe:2.3:h:hp:laserjet_4p\/mp::::::::
cpe:2.3:h:hp:laserjet_4si::::::::
cpe:2.3:h:hp:laserjet_4v\/mv::::::::
cpe:2.3:h:hp:laserjet_5::::::::
cpe:2.3:h:hp:laserjet_5\/m\/n::::::::
cpe:2.3:h:hp:laserjet_500_plus::::::::
cpe:2.3:h:hp:laserjet_5000::::::::
cpe:2.3:h:hp:laserjet_5000:r.25.15:::::::*
cpe:2.3:h:hp:laserjet_5000:r.25.47:::::::*
cpe:2.3:h:hp:laserjet_5100::::::::
cpe:2.3:h:hp:laserjet_5100:v.29.12:::::::*
cpe:2.3:h:hp:laserjet_5100dtn::::::::
cpe:2.3:h:hp:laserjet_5200::::::::
cpe:2.3:h:hp:laserjet_5l::::::::
cpe:2.3:h:hp:laserjet_5m::::::::
cpe:2.3:h:hp:laserjet_5p\/mp::::::::
cpe:2.3:h:hp:laserjet_5si::::::::
cpe:2.3:h:hp:laserjet_8000::::::::
cpe:2.3:h:hp:laserjet_8100::::::::
cpe:2.3:h:hp:laserjet_8150::::::::
cpe:2.3:h:hp:laserjet_8150dn::::::::
cpe:2.3:h:hp:laserjet_9000::::::::
cpe:2.3:h:hp:laserjet_9000_mfp::::::::
cpe:2.3:h:hp:laserjet_9000mfp::::::::
cpe:2.3:h:hp:laserjet_9040::::::::
cpe:2.3:h:hp:laserjet_9040:20080204_08.110.0:::::::*
cpe:2.3:h:hp:laserjet_9040mfp::::::::
cpe:2.3:h:hp:laserjet_9040mfp:20080204_08.110.0:::::::*
cpe:2.3:h:hp:laserjet_9050::::::::
cpe:2.3:h:hp:laserjet_9050:20080204_08.110.0:::::::*
cpe:2.3:h:hp:laserjet_9050_mfp::::::::
cpe:2.3:h:hp:laserjet_9050mfp::::::::
cpe:2.3:h:hp:laserjet_9050mfp:20080204_08.110.0:::::::*
cpe:2.3:h:hp:laserjet_9055::::::::
cpe:2.3:h:hp:laserjet_9065::::::::
cpe:2.3:h:hp:laserjet_9500::::::::
cpe:2.3:h:hp:laserjet_9500mfp::::::::
cpe:2.3:h:hp:laserjet_ii::::::::
cpe:2.3:h:hp:laserjet_iid::::::::
cpe:2.3:h:hp:laserjet_iii::::::::
cpe:2.3:h:hp:laserjet_iiid::::::::
cpe:2.3:h:hp:laserjet_iiip::::::::
cpe:2.3:h:hp:laserjet_iiisi::::::::
cpe:2.3:h:hp:laserjet_iip::::::::
cpe:2.3:h:hp:laserjet_iip_plus::::::::
cpe:2.3:h:hp:laserjet_m1522n_mfp::::::::
cpe:2.3:h:hp:laserjet_m3027_mfp::::::::
cpe:2.3:h:hp:laserjet_m3035_mfp::::::::
cpe:2.3:h:hp:laserjet_m4345_mfp::::::::
cpe:2.3:h:hp:laserjet_m5025_mfp::::::::
cpe:2.3:h:hp:laserjet_m5035_mfp::::::::
cpe:2.3:h:hp:laserjet_p1000::::::::
cpe:2.3:h:hp:laserjet_p1005::::::::
cpe:2.3:h:hp:laserjet_p1006::::::::
cpe:2.3:h:hp:laserjet_p1007::::::::
cpe:2.3:h:hp:laserjet_p1008::::::::
cpe:2.3:h:hp:laserjet_p1009::::::::
cpe:2.3:h:hp:laserjet_p1500::::::::
cpe:2.3:h:hp:laserjet_p1505::::::::
cpe:2.3:h:hp:laserjet_p1505n::::::::
cpe:2.3:h:hp:laserjet_p2000::::::::
cpe:2.3:h:hp:laserjet_p2010::::::::
cpe:2.3:h:hp:laserjet_p2015::::::::
cpe:2.3:h:hp:laserjet_p2030::::::::
cpe:2.3:h:hp:laserjet_p2050::::::::
cpe:2.3:h:hp:laserjet_p3000::::::::
cpe:2.3:h:hp:laserjet_p3005::::::::
cpe:2.3:h:hp:laserjet_p4010::::::::
cpe:2.3:h:hp:laserjet_p4014::::::::
cpe:2.3:h:hp:laserjet_p4015::::::::
cpe:2.3:h:hp:laserjet_p4500::::::::
cpe:2.3:h:hp:laserjet_p4510::::::::

References

Link	Resource
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01684566	Vendor Advisory
http://osvdb.org/52847
http://osvdb.org/52848
http://osvdb.org/52849
http://www.louhinetworks.fi/advisory/HP_20090317.txt	Exploit
http://www.securityfocus.com/archive/1/501884/100/0/threaded
http://www.securityfocus.com/bid/34143
http://www.vupen.com/english/advisories/2009/0754