CVE-2022-48311

CRITICAL

HP Deskjet 2540 A9U23B Firmware CEP1FN1418BR - Authenticated Stored Cross-Site Scripting via HTTP Configuration Page

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-48311. PoCs published by swzhouu.

AI-analyzed exploit summary This repository contains a writeup for CVE-2022-48311, an XSS vulnerability in HP Deskjet 2540 series printers. It describes the vulnerability, affected components, and impact but does not include exploit code.

Description

**UNSUPPORTED WHEN ASSIGNED** Cross Site Scripting (XSS) in HP Deskjet 2540 series printer Firmware Version CEP1FN1418BR and Product Model Number A9U23B allows authenticated attacker to inject their own script into the page via HTTP configuration page. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Exploits (1)

nomisec WRITEUP 1 stars
by swzhouu · poc
https://github.com/swzhouu/CVE-2022-48311

This repository contains a writeup for CVE-2022-48311, an XSS vulnerability in HP Deskjet 2540 series printers. It describes the vulnerability, affected components, and impact but does not include exploit code.

Classification
Writeup 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Theoretical
Target: HP Deskjet Ink Advantage 2540 All-in-One Printer series - Firmware Version CEP1FN1418BR
Auth required
Prerequisites: Authenticated access to the printer's HTTP configuration page
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1
Core References
Exploit, Third Party Advisory
https://github.com/swzhouu/CVE-2022-48311

Scores

CVSS v3 9.0
EPSS 0.0101
EPSS Percentile 58.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE
CWE-79
Status published
Products (1)
hp/deskjet_2540_a9u23b_firmware cep1fn1418br
Published Feb 06, 2023
Tracked Since Feb 18, 2026