Skip to main content

HP LaserJet Printers / Digital Senders Unauthorized Firmware Update Vulnerability

Last Update Date: 2 Dec 2011 15:27 Release Date: 2 Dec 2011 6674 Views

RISK: Medium Risk

TYPE: Servers - Other Servers

TYPE: Other Servers

A vulnerability has been identified in various HP LaserJet Printers and HP Digital Senders, which can be exploited by malicious people to bypass certain security restrictions.

 

The vulnerability is caused due to an error within the Remote Firmware Update (RFU) mechanism, which does not check for authentication when handling firmware updates. This can be exploited to upload a malicious firmware to device via a specially crafted request to TCP port 9100.
 


Impact

  • Security Restriction Bypass

System / Technologies affected

  •  HP 9200C Digital Sender
  • HP 9250 Digital Sender
  • HP CM8000 Color MFP Series
  • HP Color LaserJet 3000 Series
  • HP Color LaserJet 3800 Series
  • HP Color LaserJet 4700 Series
  • HP Color LaserJet 4730 Series
  • HP Color LaserJet 5550 Series
  • HP Color LaserJet 9500 Series
  • HP Color LaserJet CM3530 Series
  • HP Color LaserJet CM6030/CM6040 MFP Series
  • HP Color LaserJet CP3505 Series
  • HP Color LaserJet CP3525 Series
  • HP Color LaserJet CP4005 Series
  • HP Color LaserJet CP4025 / CP 4525 Series
  • HP Color Laserjet CP5525 Series
  • HP Color LaserJet CP6015
  • HP Color LaserJet Enterprise CM4540 Series
  • HP Color LaserJet P4014 / P4015 / P4515 Series
  • HP LaserJet 4240 / 4250 / 4340 Series
  • HP LaserJet 4345 Series
  • HP LaserJet 4350 Series
  • HP LaserJet 5200 Series
  • HP LaserJet 9040/9050 Series
  • HP LaserJet Enterprise 500 color M551 Series
  • HP LaserJet Enterprise 600 Series
  • HP LaserJet Enterprise M4555 MFP Series
  • HP LaserJet Enterprise P3015 Series
  • HP LaserJet M3035 MFP Series
  • HP LaserJet M5035 MFP Series
  • HP LaserJet P3005 Series

Solutions

  • Disable the "Printer Firmware Update" setting.

Vulnerability Identifier


Source


Related Link