Multiple HP LaserJet Pro Printers Unspecified Information Disclosure Vulnerability Network Vulnerability

Summary

Multiple HP LaserJet Pro Printers are prone to an information-disclosure vulnerability.

Impact

The vulnerability could be exploited remotely to gain unauthorized access to data. Impact Level: Application

Solution

Updates are available.

Insight

The hidden URL '/dev/save_restore.xml' contains a hex representation of the admin password in plaintext and no authentication is needed to access this site.

Affected

HP LaserJet Pro P1102w HP LaserJet Pro P1606dn HP LaserJet Pro M1212nf MFP HP LaserJet Pro M1213nf MFP HP LaserJet Pro M1214nfh MFP HP LaserJet Pro M1216nfh MFP HP LaserJet Pro M1217nfw MFP HP LaserJet Pro M1218nfs MFP HP LaserJet Pro CP1025nw

Detection

Request /dev/save_restore.xml and read the response.

References

http://www.hp.com/
http://www.securityfocus.com/bid/61565

Updated on 2015-03-25

Severity

Classification

CVE CVE-2013-4807

CVSS	Base Score: 7.8 AV:N/AC:L/Au:N/C:N/I:C/A:N

Related Vulnerabilities

Allegro RomPager `Misfortune Cookie` Vulnerability
Baby Gekko CMS Multiple Vulnerabilities
Agora CGI Cross Site Scripting
Apache Solr XML External Entity(XXE) Vulnerability-02 Jan-14
Awstats Configuration File Remote Arbitrary Command Execution Vulnerability

Take action and discover your vulnerabilities