CVE-2011-4161

Severity

99%

Complexity

99%

Confidentiality

165%

The default configuration of the HP CM8060 Color MFP with Edgeline; Color LaserJet 3xxx, 4xxx, 5550, 9500, CMxxxx, CPxxxx, and Enterprise CPxxxx; Digital Sender 9200c and 9250c; LaserJet 4xxx, 5200, 90xx, Mxxxx, and Pxxxx; and LaserJet Enterprise 500 color M551, 600, M4555 MFP, and P3015 enables the Remote Firmware Update (RFU) setting, which allows remote attackers to execute arbitrary code by using a session on TCP port 9100 to upload a crafted firmware update.

CVSS 2.0 Base Score 9.9. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C).

Overview

Type

HP

First reported 13 years ago

2011-12-01 21:55:00

Last updated 12 years ago

2012-09-18 03:28:00

Affected Software

HP Color LaserJet 4700

HP Color LaserJet 4730 MFP printer

HP Color LaserJet 5550

HP Color LaserJet 9500

HP Digital Sender 9200C

HP LaserJet 4345 MFP printer

HP laserjet 9050

References

HPSBPI02728

Vendor Advisory

http://isc.sans.org/diary/Hacking+HP+Printers+for+Fun+and+Profit/12112

http://redtape.msnbc.msn.com/_news/2011/11/29/9076395-exclusive-millions-of-printers-open-to-devastating-hack-attack-researchers-say

47063

VU#717921

US Government Resource

51324

1026357

[dailydave] 20111130 The Vampire Diaries

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.