CVE-2009-0940: CSRF
First published: Wed Mar 18 2009(Updated: )
Multiple cross-site request forgery (CSRF) vulnerabilities in the HP Embedded Web Server (EWS) on HP LaserJet Printers, Edgeline Printers, and Digital Senders allow remote attackers to hijack the intranet connectivity of arbitrary users for requests that (1) print documents via unknown vectors, (2) modify the network configuration via a NetIPChange request to hp/device/config_result_YesNo.html/config, or (3) change the password via the Password and ConfirmPassword parameters to hp/device/set_config_password.html/config.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| HP LaserJet P4010 | ||
| HP LaserJet 2600n | ||
| HP Color LaserJet 4370 MFP | =20081211_46.211.2 | |
| HP LaserJet 4200dtn | ||
| HP LaserJet II | ||
| HP Color LaserJet 2500 | ||
| HP LaserJet 2600c | ||
| HP LaserJet 4100 MFP | ||
| HP LaserJet P1006 | ||
| HP LaserJet 4200 | ||
| HP LaserJet 2100 | ||
| HP LaserJet II | ||
| HP LaserJet 4250n | ||
| HP LaserJet 2200 | ||
| HP LaserJet 1012 | ||
| HP LaserJet P3005n | ||
| HP LaserJet 1010 | ||
| HP 9000 | ||
| HP LaserJet 1018 | ||
| HP LaserJet 4100 MFP | ||
| HP LaserJet 4200dtn | ||
| HP LaserJet 2410 | =20070410_08.112.3 | |
| HP LaserJet 3000 | ||
| HP LaserJet 500 plus | ||
| HP LaserJet 4 Plus | ||
| HP LaserJet 9000 | ||
| HP LaserJet 9500 MFP | ||
| HP Color LaserJet 2500lse | ||
| HP LaserJet P1000 | ||
| HP Color LaserJet 1500 | ||
| HP LaserJet p1005 | ||
| HP LaserJet 5000 | =r.25.15 | |
| HP LaserJet m5035 MFP | ||
| HP LaserJet P3015 | ||
| HP LaserJet 5200n | ||
| HP LaserJet 9050n | =20080204_08.110.0 | |
| HP Color LaserJet 5500 | ||
| HP LaserJet m5025 MFP | ||
| HP LaserJet 9050 MFP | =20080204_08.110.0 | |
| HP LaserJet 8150 | ||
| HP LaserJet p1008 | ||
| HP LaserJet 9040 MFP | =20080204_08.110.0 | |
| HP Color MFP CM8050 | ||
| HP LaserJet 5si | ||
| HP LaserJet IIISI | ||
| HP Color LaserJet 4700 | ||
| HP Color LaserJet | ||
| HP LaserJet P4xxx | ||
| HP LaserJet 1300 | ||
| HP Color LaserJet 4600dtn | ||
| HP LaserJet 9050 MFP | ||
| HP LaserJet P2050 | ||
| HP LaserJet 5l | ||
| HP LaserJet p4014 | ||
| HP LaserJet 4240n | ||
| HP LaserJet 4000n | ||
| HP LaserJet 4350n | =20080319_08.015.0 | |
| HP LaserJet P4014 | ||
| Hp Laserjet M1522n Multifunction Printer | ||
| HP LaserJet 4350dtn | ||
| HP LaserJet 1320 | ||
| HP LaserJet 1020 | ||
| HP LaserJet P2000 | ||
| HP Color LaserJet 9500 MFP | =20070719_05.011.2 | |
| HP LaserJet P2010 | ||
| HP Color LaserJet 4600 Toolbox | ||
| HP LaserJet 2400 | ||
| HP LaserJet IID | ||
| HP LaserJet 9050n | ||
| HP LaserJet 3700 | ||
| HP Color LaserJet 2500n | ||
| HP LaserJet 5100 | ||
| HP LaserJet p1007 | ||
| HP LaserJet 5000 | ||
| HP 9100c Digital Sender | ||
| HP LaserJet 4p/mp | ||
| HP LaserJet M9040 | =20080204_08.110.0 | |
| HP LaserJet 9065 | ||
| HP LaserJet m3035 MFP | ||
| HP LaserJet 5 | ||
| HP LaserJet 2420 | =20070410_08.112.3 | |
| HP LaserJet 1020 | ||
| HP LaserJet 4000 | ||
| HP Color LaserJet 2605dtn | ||
| HP LaserJet 4v/mv | ||
| HP LaserJet 5 | ||
| HP LaserJet 5100 | ||
| HP Digital Sender 9200c | ||
| HP LaserJet P1500 | ||
| HP LaserJet 9040 MFP | ||
| HP LaserJet 2300dn | ||
| HP LaserJet IIID | ||
| HP Color LaserJet 4730 MFP | ||
| HP Color LaserJet 5550 | ||
| HP LaserJet 9000mfp | ||
| HP LaserJet 5100 | =v.29.12 | |
| HP LaserJet 4250n | =20080319_08.015.0 | |
| HP Color LaserJet 9500 | ||
| HP LaserJet 1015 | ||
| HP LaserJet P1505n | ||
| HP LaserJet 2000 | ||
| HP Color LaserJet 9500 MFP | ||
| HP LaserJet p1009 | ||
| HP LaserJet 9050n | ||
| HP LaserJet 9055 | ||
| HP LaserJet P3000 | ||
| HP LaserJet m4345x MFP | =20081211_09.131.1 | |
| HP LaserJet 5000 | =r.25.47 | |
| HP LaserJet 1022 | ||
| HP LaserJet 1160 | ||
| HP Edgeline Printers | ||
| HP LaserJet P1000 | ||
| HP LaserJet 2300 | ||
| HP LaserJet P1505n | ||
| HP LaserJet III | ||
| HP LaserJet 4/4m | ||
| HP LaserJet P2030 | ||
| HP LaserJet 5p/mp | ||
| HP LaserJet M3027 MFP | ||
| HP LaserJet 4050 | ||
| HP LaserJet 1005 | ||
| HP LaserJet 2500 | ||
| HP LaserJet IIP | ||
| HP LaserJet 9500 | ||
| HP LaserJet 4L/ML | ||
| HP Color LaserJet 4650 | ||
| HP LaserJet 8000 | ||
| HP 8100c Digital Sender | ||
| HP LaserJet 1022 | ||
| HP LaserJet P4xxx | ||
| HP LaserJet 4650 | ||
| HP Color LaserJet 8500 | ||
| HP LaserJet 8150dn | ||
| HP Color LaserJet | ||
| HP Color MFP CM8060 | ||
| HP LaserJet 4350n | ||
| HP Color LaserJet 4600dtn | ||
| HP LaserJet 1018 | ||
| HP LaserJet 4300 | ||
| HP LaserJet 4si | ||
| HP LaserJet IIP | ||
| HP LaserJet M9040 | ||
| HP LaserJet 4100 MFP | ||
| HP LaserJet 1200 | ||
| HP LaserJet 4240n | ||
| HP Color LaserJet 2500n | ||
| HP LaserJet 1150 | ||
| HP Color LaserJet 4600dtn | ||
| HP LaserJet m4345x MFP | ||
| HP LaserJet 5l | ||
| HP Digital Senders | ||
| HP Digital Sender 9250c | ||
| HP LaserJet 4/4m | ||
| HP LaserJet 4/4m | ||
| HP LaserJet 2430n | =20070410_08.112.3 | |
| HP LaserJet 1100 | ||
| HP LaserJet 8100 | ||
| HP LaserJet 2430n | ||
| HP Color LaserJet 8550 | ||
| HP LaserJet III | ||
| HP LaserJet 2200 | ||
| HP LaserJet 1022 | ||
| HP LaserJet m4345x MFP | ||
| HP Color LaserJet 2500 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.louhinetworks.fi/advisory/HP_20090317.txt
- http://www.securityfocus.com/bid/34143
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01684566
- http://www.vupen.com/english/advisories/2009/0754
- http://osvdb.org/52848
- http://osvdb.org/52849
- http://osvdb.org/52847
- http://www.securityfocus.com/archive/1/501884/100/0/threaded
Frequently Asked Questions
What is the severity of CVE-2009-0940?
CVE-2009-0940 is rated as a medium severity vulnerability due to its potential for CSRF attacks that could hijack users' intranet connectivity.
How do I fix CVE-2009-0940?
To fix CVE-2009-0940, ensure that the firmware of affected HP printers is updated to the latest version provided by HP.
Which devices are affected by CVE-2009-0940?
CVE-2009-0940 affects a wide range of HP LaserJet printers, Edgeline printers, and Digital Senders.
What type of attack does CVE-2009-0940 allow?
CVE-2009-0940 allows attackers to perform cross-site request forgery (CSRF), potentially enabling them to make unauthorized requests on behalf of users.
Can CVE-2009-0940 be exploited remotely?
Yes, CVE-2009-0940 can be exploited remotely, allowing attackers to hijack user sessions without physical access to the vulnerable printers.
- agent/references
- agent/type
- agent/severity
- agent/author
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/first-publish-date
- agent/last-modified-date
- agent/event
- agent/trending
- agent/source
- agent/weakness
- agent/tags
- agent/softwarecombine
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/hp
- canonical/hp laserjet p4010
- canonical/hp laserjet 2600n
- canonical/hp color laserjet 4370 mfp
- version/hp color laserjet 4370 mfp/20081211_46.211.2
- canonical/hp laserjet 4200dtn
- canonical/hp laserjet ii
- canonical/hp color laserjet 2500
- canonical/hp laserjet 2600c
- canonical/hp laserjet 4100 mfp
- canonical/hp laserjet p1006
- canonical/hp laserjet 4200
- canonical/hp laserjet 2100
- canonical/hp laserjet 4250n
- canonical/hp laserjet 2200
- canonical/hp laserjet 1012
- canonical/hp laserjet p3005n
- canonical/hp laserjet 1010
- canonical/hp 9000
- canonical/hp laserjet 1018
- canonical/hp laserjet 2410
- version/hp laserjet 2410/20070410_08.112.3
- canonical/hp laserjet 3000
- canonical/hp laserjet 500 plus
- canonical/hp laserjet 4 plus
- canonical/hp laserjet 9000
- canonical/hp laserjet 9500 mfp
- canonical/hp color laserjet 2500lse
- canonical/hp laserjet p1000
- canonical/hp color laserjet 1500
- canonical/hp laserjet p1005
- canonical/hp laserjet 5000
- version/hp laserjet 5000/r.25.15
- canonical/hp laserjet m5035 mfp
- canonical/hp laserjet p3015
- canonical/hp laserjet 5200n
- canonical/hp laserjet 9050n
- version/hp laserjet 9050n/20080204_08.110.0
- canonical/hp color laserjet 5500
- canonical/hp laserjet m5025 mfp
- canonical/hp laserjet 9050 mfp
- version/hp laserjet 9050 mfp/20080204_08.110.0
- canonical/hp laserjet 8150
- canonical/hp laserjet p1008
- canonical/hp laserjet 9040 mfp
- version/hp laserjet 9040 mfp/20080204_08.110.0
- canonical/hp color mfp cm8050
- canonical/hp laserjet 5si
- canonical/hp laserjet iiisi
- canonical/hp color laserjet 4700
- canonical/hp color laserjet
- canonical/hp laserjet p4xxx
- canonical/hp laserjet 1300
- canonical/hp color laserjet 4600dtn
- canonical/hp laserjet p2050
- canonical/hp laserjet 5l
- canonical/hp laserjet p4014
- canonical/hp laserjet 4240n
- canonical/hp laserjet 4000n
- canonical/hp laserjet 4350n
- version/hp laserjet 4350n/20080319_08.015.0
- canonical/hp laserjet m1522n multifunction printer
- canonical/hp laserjet 4350dtn
- canonical/hp laserjet 1320
- canonical/hp laserjet 1020
- canonical/hp laserjet p2000
- canonical/hp color laserjet 9500 mfp
- version/hp color laserjet 9500 mfp/20070719_05.011.2
- canonical/hp laserjet p2010
- canonical/hp color laserjet 4600 toolbox
- canonical/hp laserjet 2400
- canonical/hp laserjet iid
- canonical/hp laserjet 3700
- canonical/hp color laserjet 2500n
- canonical/hp laserjet 5100
- canonical/hp laserjet p1007
- canonical/hp 9100c digital sender
- canonical/hp laserjet 4p/mp
- canonical/hp laserjet m9040
- version/hp laserjet m9040/20080204_08.110.0
- canonical/hp laserjet 9065
- canonical/hp laserjet m3035 mfp
- canonical/hp laserjet 5
- canonical/hp laserjet 2420
- version/hp laserjet 2420/20070410_08.112.3
- canonical/hp laserjet 4000
- canonical/hp color laserjet 2605dtn
- canonical/hp laserjet 4v/mv
- canonical/hp digital sender 9200c
- canonical/hp laserjet p1500
- canonical/hp laserjet 2300dn
- canonical/hp laserjet iiid
- canonical/hp color laserjet 4730 mfp
- canonical/hp color laserjet 5550
- canonical/hp laserjet 9000mfp
- version/hp laserjet 5100/v.29.12
- version/hp laserjet 4250n/20080319_08.015.0
- canonical/hp color laserjet 9500
- canonical/hp laserjet 1015
- canonical/hp laserjet p1505n
- canonical/hp laserjet 2000
- canonical/hp laserjet p1009
- canonical/hp laserjet 9055
- canonical/hp laserjet p3000
- canonical/hp laserjet m4345x mfp
- version/hp laserjet m4345x mfp/20081211_09.131.1
- version/hp laserjet 5000/r.25.47
- canonical/hp laserjet 1022
- canonical/hp laserjet 1160
- canonical/hp edgeline printers
- canonical/hp laserjet 2300
- canonical/hp laserjet iii
- canonical/hp laserjet 4/4m
- canonical/hp laserjet p2030
- canonical/hp laserjet 5p/mp
- canonical/hp laserjet m3027 mfp
- canonical/hp laserjet 4050
- canonical/hp laserjet 1005
- canonical/hp laserjet 2500
- canonical/hp laserjet iip
- canonical/hp laserjet 9500
- canonical/hp laserjet 4l/ml
- canonical/hp color laserjet 4650
- canonical/hp laserjet 8000
- canonical/hp 8100c digital sender
- canonical/hp laserjet 4650
- canonical/hp color laserjet 8500
- canonical/hp laserjet 8150dn
- canonical/hp color mfp cm8060
- canonical/hp laserjet 4300
- canonical/hp laserjet 4si
- canonical/hp laserjet 1200
- canonical/hp laserjet 1150
- canonical/hp digital senders
- canonical/hp digital sender 9250c
- canonical/hp laserjet 2430n
- version/hp laserjet 2430n/20070410_08.112.3
- canonical/hp laserjet 1100
- canonical/hp laserjet 8100
- canonical/hp color laserjet 8550