CVE-2017-2751

MEDIUM

HP 240 G1 Firmware < f.48 - Insufficiently Protected Credentials

Title source: rule

Description

A BIOS password extraction vulnerability has been reported on certain consumer notebooks with firmware F.22 and others. The BIOS password was stored in CMOS in a way that allowed it to be extracted. This applies to consumer notebooks launched in early 2014.

Exploits (1)

nomisec WRITEUP 1 stars

by BaderSZ · poc

https://github.com/BaderSZ/CVE-2017-2751

View Code ZIP pw:eip

References (1)

Core 1

Core References

Vendor Advisory vendor-advisory x_refsource_hp

https://support.hp.com/us-en/document/c05913581

Scores

CVSS v3 4.6

EPSS 0.0438

EPSS Percentile 89.1%

Attack Vector PHYSICAL

CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-522

Status published

Products (34)

hp/compaq_14-h000_firmware

hp/compaq_14-s000_firmware

hp/compaq_cq45-900_firmware

hp/hp_1000-1300_firmware < f.48

hp/hp_14-g000_firmware < f.45

hp/hp_14-r000_firmware < f.43

hp/hp_15-r000_firmware < f.43

hp/hp_15-r500_firmware < f.43

hp/hp_240_g1_firmware < f.48

hp/hp_240_g3_firmware < f.43

... and 24 more

Published Oct 03, 2018

Tracked Since Feb 18, 2026