CVE-2017-2751

MEDIUM

HP Consumer Notebook Firmware < F.72 - Insufficiently Protected BIOS Credentials

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-2751. PoCs published by BaderSZ.

AI-analyzed exploit summary This repository contains documentation (PDF/TeX) for CVE-2017-2751, which involves BIOS/EFI password extraction for consumer HP laptops. No exploit code is present, only a README referencing the files.

Description

A BIOS password extraction vulnerability has been reported on certain consumer notebooks with firmware F.22 and others. The BIOS password was stored in CMOS in a way that allowed it to be extracted. This applies to consumer notebooks launched in early 2014.

Exploits (1)

nomisec WRITEUP 1 stars
by BaderSZ · poc
https://github.com/BaderSZ/CVE-2017-2751

This repository contains documentation (PDF/TeX) for CVE-2017-2751, which involves BIOS/EFI password extraction for consumer HP laptops. No exploit code is present, only a README referencing the files.

Classification
Writeup 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Theoretical
Target: HP consumer laptops (BIOS/EFI)
No auth needed
Prerequisites: Physical or local access to vulnerable HP laptop
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1
Core References
Vendor Advisory vendor-advisory x_refsource_hp
https://support.hp.com/us-en/document/c05913581

Scores

CVSS v3 4.6
EPSS 0.0106
EPSS Percentile 60.6%
Attack Vector PHYSICAL
CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-522
Status published
Products (34)
hp/compaq_14-h000_firmware
hp/compaq_14-s000_firmware
hp/compaq_cq45-900_firmware
hp/hp_1000-1300_firmware < f.48
hp/hp_14-g000_firmware < f.45
hp/hp_14-r000_firmware < f.43
hp/hp_15-r000_firmware < f.43
hp/hp_15-r500_firmware < f.43
hp/hp_240_g1_firmware < f.48
hp/hp_240_g3_firmware < f.43
... and 24 more
Published Oct 03, 2018
Tracked Since Feb 18, 2026