CVE-2009-0940
HP Digital Sender and LaserJet - Cross-Site Request Forgery via Embedded Web Server
Multiple cross-site request forgery (CSRF) vulnerabilities in the HP Embedded Web Server (EWS) on HP LaserJet Printers, Edgeline Printers, and Digital Senders allow remote attackers to hijack the intranet connectivity of arbitrary users for requests that (1) print documents via unknown vectors, (2) modify the network configuration via a NetIPChange request to hp/device/config_result_YesNo.html/config, or (3) change the password via the Password and ConfirmPassword parameters to hp/device/set_config_password.html/config.
References (8)
http://www.vupen.com/english/advisories/2009/0754 (Third Party Advisory; vdb-entry; x_refsource_vupen)
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01684566 (Vendor Advisory; vendor-advisory; x_refsource_hp)
http://osvdb.org/52848 (Third Party Advisory, VDB Entry; vdb-entry; x_refsource_osvdb)
http://www.securityfocus.com/bid/34143 (Third Party Advisory, VDB Entry; vdb-entry; x_refsource_bid)
http://osvdb.org/52849 (Third Party Advisory, VDB Entry; vdb-entry; x_refsource_osvdb)
http://www.securityfocus.com/archive/1/501884/100/0/threaded (Third Party Advisory, VDB Entry; mailing-list; x_refsource_bugtraq)
http://www.louhinetworks.fi/advisory/HP_20090317.txt (Exploit; x_refsource_misc)
http://osvdb.org/52847 (Third Party Advisory, VDB Entry; vdb-entry; x_refsource_osvdb)
Scores
EPSS: 0.0084
EPSS Percentile: 74.9%
Details
CWE: CWE-352
Status: published
Products (50)
hp/8100c_digital_sender
hp/9100c_digital_sender
hp/9200c_digital_sender
hp/9250c_digital_sender
hp/color_laserjet
hp/color_laserjet_1500
hp/color_laserjet_2500
hp/color_laserjet_2500l
hp/color_laserjet_2500lse
hp/color_laserjet_2500n
... and 40 more
Published: Mar 18, 2009
Tracked Since: Feb 18, 2026