CVE-2017-2741

CRITICAL

HP PageWide/OfficeJet Pro <1708D - RCE

Title source: llm

Exploitation Summary

EIP tracks 4 public exploits for CVE-2017-2741. PoCs published by Metasploit, Jacob Baines, dopheide-esnet, including Metasploit module exploits/linux/misc/hp_jetdirect_path_traversal.

AI-analyzed exploit summary This Metasploit module exploits a path traversal vulnerability in HP Jetdirect printers to write a malicious shell script to /etc/profile.d/ and restart the printer via SNMP, achieving arbitrary code execution.

Description

A potential security vulnerability has been identified with HP PageWide Printers, HP OfficeJet Pro Printers, with firmware before 1708D. This vulnerability could potentially be exploited to execute arbitrary code.

Exploits (4)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremoteunix

https://www.exploit-db.com/exploits/45273

View Code ZIP pw:eip

This Metasploit module exploits a path traversal vulnerability in HP Jetdirect printers to write a malicious shell script to /etc/profile.d/ and restart the printer via SNMP, achieving arbitrary code execution.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: HP Jetdirect (multiple HP printer models)

No auth needed

Prerequisites: Network access to the printer's PJL port (default 9100) and SNMP port (default 161) · SNMP community string if not public

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WORKING POC

by Jacob Baines · pythonremotehardware

https://www.exploit-db.com/exploits/42176

View Code ZIP pw:eip

This exploit targets CVE-2017-2741 in HP OfficeJet 8210 printers by uploading a malicious script to the profile.d directory via PJL commands, then triggering a reboot via SNMP to execute a bind shell on port 1270.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: HP OfficeJet 8210 (unpatched)

No auth needed

Prerequisites: Network access to the printer · SNMP community string (default: public) · PJL interface accessible

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

nomisec WRITEUP

by dopheide-esnet · poc

https://github.com/dopheide-esnet/zeek-jetdirect

View Code ZIP pw:eip

This repository contains documentation and helper scripts for Zeek (formerly Bro) related to CVE-2017-2741, but no actual exploit code. The files include installation scripts, Sphinx documentation configuration, and build/test helpers.

Classification

Writeup 90%

Attack Type

Other

Complexity

Moderate

Reliability

Theoretical

Target: Zeek (formerly Bro)

No auth needed

Prerequisites: Zeek installation · Documentation build tools

devstral-2 · analyzed Feb 16, 2026 Full analysis →

metasploit WORKING POC NORMAL

by Jacob Baines · rubypocunix

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/misc/hp_jetdirect_path_traversal.rb

View Code ZIP pw:eip

This Metasploit module exploits a path traversal vulnerability in HP Jetdirect printers to achieve arbitrary code execution by writing a shell script to /etc/profile.d and restarting the printer via SNMP.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: HP Jetdirect printers (multiple models)

No auth needed

Prerequisites: Network access to the printer's PJL port (default 9100) and SNMP port (default 161) · SNMP community string if not public

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Third Party Advisory, VDB Entry exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/42176/

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/45273/

Vendor Advisory vendor-advisory x_refsource_hp

https://support.hp.com/us-en/document/c05462914

Scores

CVSS v3 9.8

EPSS 0.8764

EPSS Percentile 99.5%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

Status published

Products (38)

hp/d3q15a_firmware < 1708d

hp/d3q15b_firmware < 1708d

hp/d3q15d_firmware < 1708d

hp/d3q16a_firmware < 1708d

hp/d3q16b_firmware < 1708d

hp/d3q16c_firmware < 1708d

hp/d3q16d_firmware < 1708d

hp/d3q17a_firmware < 1708d

hp/d3q17c_firmware < 1708d

hp/d3q17d_firmware < 1708d

... and 28 more

Published Jan 23, 2018

Tracked Since Feb 18, 2026