CVE-2006-1654

HP Color LaserJet Toolbox - Directory Traversal via HTTP GET Request

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-1654. PoCs published by Richard Horsman.

AI-analyzed exploit summary The provided text describes a directory traversal vulnerability in HP Color LaserJet 2500/4600 Toolbox, allowing arbitrary file retrieval via unsanitized input. The example URL demonstrates the exploit path but lacks executable code.

Description

Directory traversal vulnerability in the HP Color LaserJet 2500 Toolbox and Color LaserJet 4600 Toolbox on Microsoft Windows before 20060402 allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP GET request to TCP port 5225.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Richard Horsman · textremotewindows
https://www.exploit-db.com/exploits/27565

The provided text describes a directory traversal vulnerability in HP Color LaserJet 2500/4600 Toolbox, allowing arbitrary file retrieval via unsanitized input. The example URL demonstrates the exploit path but lacks executable code.

Classification
Writeup 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Theoretical
Target: HP Color LaserJet 2500/4600 Toolbox
No auth needed
Prerequisites: Network access to the vulnerable toolbox service
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (9)

Core 9
Core References
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/429984/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/24396
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/17367
Exploit, Patch mailing-list x_refsource_fulldisc
http://archives.neohapsis.com/archives/fulldisclosure/2006-04/0085.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/25627
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/19529
Exploit, Patch vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1015862
Third Party Advisory, VDB Entry vendor-advisory x_refsource_hp
http://www.securityfocus.com/archive/1/429893/100/0/threaded
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/1230

Scores

EPSS 0.0468
EPSS Percentile 90.7%

Details

Status published
Products (11)
hp/color_laserjet 4600dn
hp/color_laserjet 4600dtn
hp/color_laserjet 4600hdn
hp/color_laserjet_2500
hp/color_laserjet_2500_toolbox
hp/color_laserjet_2500l
hp/color_laserjet_2500lse
hp/color_laserjet_2500n
hp/color_laserjet_2500tn
hp/color_laserjet_4600
... and 1 more
Published Apr 06, 2006
Tracked Since Feb 18, 2026