CVE-2009-0940

Multiple cross-site request forgery (CSRF) vulnerabilities in the HP Embedded Web Server (EWS) on HP LaserJet Printers, Edgeline Printers, and Digital Senders allow remote attackers to hijack the intranet connectivity of arbitrary users for requests that (1) print documents via unknown vectors, (2) modify the network configuration via a NetIPChange request to hp/device/config_result_YesNo.html/config, or (3) change the password via the Password and ConfirmPassword parameters to hp/device/set_config_password.html/config.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:h:hp:color_laserjet_1500:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:color_laserjet_5550:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:color_laserjet_8500:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_2200:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:color_laserjet_2500lse:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_2200dtn:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_2410:20070410_08.112.3:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_2430:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:color_laserjet_2500n:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_2300dn:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:color_laserjet_8550:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_2600n:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_p1006:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_9500mfp:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_5000:r.25.15:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_8150dn:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:color_laserjet_4600hdn:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_9050:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_4000:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_p1007:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_5100:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_9000_mfp:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_9055:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_4345mfp:20081211_09.131.1:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_5000:r.25.47:*:*:*:*:*:*:*
cpe:2.3:h:hp:edgeline_printers:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:color_laserjet:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:color_laserjet_4600:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:color_laserjet_2500tn:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_5:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:digital_senders:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:9250c_digital_sender:-:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_4m_plus:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:color_laserjet_4370mfp:20081211_46.211.2:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_4200:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_ii:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_p3005:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_1018:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_4100:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_4200dtn:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_4_plus\/m_plus:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_9000mfp:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_p1000:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_p2015:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_9040:20080204_08.110.0:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_4350:20080319_08.015.0:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_4350dtn:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_p2000:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_p2010:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_2400:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_3700:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:9100c_digital_sender:-:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_9040mfp:20080204_08.110.0:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_9065:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_1020:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_4000n:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_p1500:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:color_laserjet_4730_mfp:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_1015:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_9050_mfp:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_p3000:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_1160:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_4:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_p2030:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_4050:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_p1005:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_iip:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:8100c_digital_sender:-:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_8150:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_1018s:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_1200:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_1150:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_m4345_mfp:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_4\/4m:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_1100:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_8100:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_4345_mfp:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_p4010:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:color_laserjet_2500l:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_2600c:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_4100_mfp:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_4200ln:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_2100:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_2:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_4250:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_1012:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_1010:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_9000:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_3000:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_500_plus:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_1005:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_m5035_mfp:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_5200:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_9050mfp:20080204_08.110.0:*:*:*:*:*:*:*
cpe:2.3:h:hp:color_laserjet_5500:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_m5025_mfp:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_9050:20080204_08.110.0:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_p1008:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:color_mfp_cm8050:-:-:edgeline:*:*:*:*:*
cpe:2.3:h:hp:laserjet_5si:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_iiisi:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:color_laserjet_4700:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:color_laserjet_2500:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_p4510:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_1300:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_p2050:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_5l:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_p4015:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_4240n:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_p4014:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_m1522n_mfp:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_1320:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_1020_plus:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:color_laserjet_9500mfp:20070719_05.011.2:*:*:*:*:*:*:*
cpe:2.3:h:hp:color_laserjet_4600dtn:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_iid:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_9050mfp:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_5100dtn:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_5000:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_4p\/mp:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_m3035_mfp:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_5\/m\/n:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_2420:20070410_08.112.3:*:*:*:*:*:*:*
cpe:2.3:h:hp:color_laserjet_2605dtn:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_4v\/mv:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_5m:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:9200c_digital_sender:-:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_9040:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_2300:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_iiid:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_5100:v.29.12:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_4250:20080319_08.015.0:*:*:*:*:*:*:*
cpe:2.3:h:hp:color_laserjet_9500_mfp:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_p1505:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_2000:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:color_laserjet_9500:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_p1009:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_1022nw:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_1000:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_p1505n:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_iii:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_5p\/mp:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_m3027_mfp:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_2500:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_9500:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_4l\/ml:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:color_laserjet_4650:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_8000:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_1022:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_p4500:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_4650dn:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:color_mfp_cm8060:-:-:edgeline:*:*:*:*:*
cpe:2.3:h:hp:laserjet_4350:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_4300:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_4si:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_iip_plus:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_9040mfp:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_4100mfp:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_4240:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:color_laserjet_4600dn:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_2430:20070410_08.112.3:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_iiip:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_1022n:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:laserjet_2500c:*:*:*:*:*:*:*:*

Information

Published : 2009-03-18 14:00

Updated : 2018-10-10 12:32


NVD link : CVE-2009-0940

Mitre link : CVE-2009-0940


JSON object : View

CWE
CWE-352

Cross-Site Request Forgery (CSRF)

Advertisement

dedicated server usa

Products Affected

hp

  • color_laserjet_9500
  • laserjet_4l\/ml
  • laserjet_iiip
  • color_laserjet_4600dtn
  • laserjet_9050
  • laserjet_4345_mfp
  • color_laserjet_2500n
  • laserjet_9500mfp
  • color_laserjet_5500
  • laserjet_9000mfp
  • digital_senders
  • laserjet_4200
  • laserjet_p1009
  • laserjet_2300
  • laserjet_p1505
  • laserjet_4si
  • laserjet_1320
  • laserjet_1200
  • laserjet_m3027_mfp
  • laserjet_p2015
  • laserjet_2000
  • laserjet_5100dtn
  • laserjet_1005
  • laserjet_8000
  • laserjet_9065
  • laserjet_p4014
  • laserjet_1022n
  • laserjet_9500
  • laserjet_2200
  • color_laserjet_5550
  • laserjet_p1008
  • laserjet_p2010
  • laserjet_9000
  • laserjet_ii
  • laserjet_9050mfp
  • color_laserjet_2500tn
  • laserjet_p1000
  • color_mfp_cm8050
  • laserjet_2
  • laserjet_p1007
  • color_laserjet_1500
  • laserjet_1000
  • laserjet_iii
  • laserjet_p4500
  • laserjet_p1500
  • laserjet_2430
  • laserjet_5100
  • laserjet_9050_mfp
  • laserjet_4300
  • laserjet_iip
  • color_laserjet_4370mfp
  • laserjet_4250
  • laserjet_8150
  • laserjet_1020
  • laserjet_5200
  • laserjet_4240
  • 9250c_digital_sender
  • laserjet_4000n
  • laserjet_p1006
  • laserjet_2200dtn
  • laserjet_4\/4m
  • color_laserjet_9500mfp
  • laserjet_4_plus\/m_plus
  • laserjet_p4015
  • laserjet_5
  • laserjet_8100
  • laserjet_4000
  • laserjet_5si
  • laserjet_p2030
  • laserjet_1160
  • laserjet_4
  • laserjet_1300
  • laserjet_5l
  • color_laserjet_4600dn
  • laserjet_p1505n
  • edgeline_printers
  • laserjet_p4510
  • laserjet_4240n
  • laserjet_1020_plus
  • laserjet_1018s
  • laserjet_4350dtn
  • laserjet_4100
  • laserjet_m3035_mfp
  • laserjet_1022
  • color_laserjet_8500
  • laserjet_m4345_mfp
  • laserjet_p2050
  • laserjet_3700
  • laserjet_4050
  • laserjet_5\/m\/n
  • laserjet_iip_plus
  • laserjet_1012
  • laserjet_2100
  • laserjet_9040
  • laserjet_5p\/mp
  • laserjet_iid
  • laserjet_2600n
  • laserjet_2500
  • color_mfp_cm8060
  • laserjet_p2000
  • 8100c_digital_sender
  • laserjet_4100_mfp
  • laserjet_iiisi
  • laserjet_4p\/mp
  • laserjet_5m
  • color_laserjet_2605dtn
  • laserjet_2400
  • laserjet_2500c
  • laserjet_8150dn
  • color_laserjet_4730_mfp
  • laserjet_3000
  • 9100c_digital_sender
  • laserjet_2420
  • color_laserjet_2500l
  • laserjet_4200dtn
  • laserjet_p4010
  • laserjet_1015
  • laserjet_4650dn
  • color_laserjet_2500
  • laserjet_1018
  • color_laserjet_4650
  • laserjet_p3000
  • 9200c_digital_sender
  • laserjet_1150
  • color_laserjet_4700
  • laserjet_4350
  • laserjet_p3005
  • laserjet_m1522n_mfp
  • laserjet_1022nw
  • laserjet_1010
  • laserjet_9000_mfp
  • color_laserjet
  • laserjet_m5025_mfp
  • laserjet_iiid
  • color_laserjet_9500_mfp
  • laserjet_2600c
  • color_laserjet_2500lse
  • laserjet_4v\/mv
  • laserjet_p1005
  • laserjet_4100mfp
  • laserjet_1100
  • laserjet_4m_plus
  • color_laserjet_4600hdn
  • color_laserjet_4600
  • laserjet_9040mfp
  • laserjet_5000
  • laserjet_4200ln
  • color_laserjet_8550
  • laserjet_9055
  • laserjet_m5035_mfp
  • laserjet_2410
  • laserjet_4345mfp
  • laserjet_2300dn
  • laserjet_500_plus