Description
HP Color LaserJet Pro M280-M281 Multifunction Printer series (before v. 20190419), HP LaserJet Pro MFP M28-M31 Printer series (before v. 20190426) may have an embedded web server that is potentially vulnerable to Cross-site Request Forgery.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://support.hp.com/us-en/document/c06356322
Scores
CVSS v3
8.8
EPSS
0.0022
EPSS Percentile
44.1%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-352
Status
published
Products (10)
hp/t6b80a_firmware
< 2019-04-19
hp/t6b81a_firmware
< 2019-04-19
hp/t6b82a_firmware
< 2019-04-19
hp/t6b83a_firmware
< 2019-04-19
hp/w2g54a_firmware
< 2019-04-26
hp/w2g55a_firmware
< 2019-04-26
hp/y5s50a_firmware
< 2019-04-26
hp/y5s53a_firmware
< 2019-04-26
hp/y5s54a_firmware
< 2019-04-26
hp/y5s55a_firmware
< 2019-04-26
Published
Jun 17, 2019
Tracked Since
Feb 18, 2026