CVE-2011-4161
First published: Thu Dec 01 2011(Updated: )
The default configuration of the HP CM8060 Color MFP with Edgeline; Color LaserJet 3xxx, 4xxx, 5550, 9500, CMxxxx, CPxxxx, and Enterprise CPxxxx; Digital Sender 9200c and 9250c; LaserJet 4xxx, 5200, 90xx, Mxxxx, and Pxxxx; and LaserJet Enterprise 500 color M551, 600, M4555 MFP, and P3015 enables the Remote Firmware Update (RFU) setting, which allows remote attackers to execute arbitrary code by using a session on TCP port 9100 to upload a crafted firmware update.
Credit: hp-security-alert@hp.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Hp Color Laserjet Enterprise Cp4520 | ||
| Hp Laserjet M5035 | ||
| Hp Laserjet Enterprise 600 | =m603 | |
| Hp Laserjet 4250 | ||
| Hp Color Laserjet Cp3505 | ||
| Hp Color Laserjet 4730 | =mfp | |
| Hp Color Laserjet Enterprise Cp4525 | ||
| Hp Laserjet P3005 | ||
| Hp Laserjet M9050 | ||
| Hp Laserjet 5200 | ||
| Hp Color Laserjet 4700 | ||
| HP Color LaserJet CM3530 | ||
| Hp Color Laserjet Cm4730 | =mfp | |
| Hp Laserjet 9050 | ||
| Hp Laserjet P4015 | ||
| Hp Color Laserjet Cp3525 | ||
| Hp Laserjet P4014 | ||
| Hp Color Laserjet 3800 | ||
| Hp Laserjet Enterprise 600 | =m602 | |
| Hp Color Laserjet Cp5525 | ||
| Hp Color Laserjet Cm6030 | ||
| Hp Laserjet M9040 | ||
| Hp Laserjet 9040 | ||
| Hp Color Laserjet 4730 Mfp | ||
| Hp Color Laserjet 5550 | ||
| Hp Laserjet P4515 | ||
| Hp Laserjet Enterprise 600 | =m601 | |
| Hp Color Laserjet 9500 | ||
| Hp Color Laserjet Cm4540 | =mfp | |
| Hp Digital Sender 9250c | ||
| Hp Color Laserjet 3000 | ||
| Hp Digital Sender 9200c | ||
| Hp Laserjet Enterprise 500 Color | =m551 | |
| Hp Color Laserjet Cm6040 | ||
| Hp Laserjet M3035 | ||
| Hp Laserjet Enterprise P3015 | ||
| Hp Color Mfp Cm8060 | ||
| Hp Laserjet 4350 | ||
| Hp Laserjet 4240 | ||
| Hp Color Laserjet Cp6015 | ||
| Hp Laserjet Enterprise M4555 | =mfp | |
| Hp Laserjet 4345 Mfp | ||
| Hp Color Laserjet Cp4005 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://lists.immunityinc.com/pipermail/dailydave/2011-November/000378.html
- http://redtape.msnbc.msn.com/_news/2011/11/29/9076395-exclusive-millions-of-printers-open-to-devastating-hack-attack-researchers-say
- http://isc.sans.org/diary/Hacking+HP+Printers+for+Fun+and+Profit/12112
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03102449
- http://www.securityfocus.com/bid/51324
- http://www.kb.cert.org/vuls/id/717921
- http://www.securitytracker.com/id?1026357
- http://secunia.com/advisories/47063
- collector/nvd-historical
- collector/nvd-index
- agent/author
- agent/references
- agent/last-modified-date
- agent/event
- agent/severity
- agent/type
- agent/weakness
- agent/description
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/hp
- canonical/hp color laserjet enterprise cp4520
- canonical/hp laserjet m5035
- canonical/hp laserjet enterprise 600
- version/hp laserjet enterprise 600/m603
- canonical/hp laserjet 4250
- canonical/hp color laserjet cp3505
- canonical/hp color laserjet 4730
- version/hp color laserjet 4730/mfp
- canonical/hp color laserjet enterprise cp4525
- canonical/hp laserjet p3005
- canonical/hp laserjet m9050
- canonical/hp laserjet 5200
- canonical/hp color laserjet 4700
- canonical/hp color laserjet cm3530
- canonical/hp color laserjet cm4730
- version/hp color laserjet cm4730/mfp
- canonical/hp laserjet 9050
- canonical/hp laserjet p4015
- canonical/hp color laserjet cp3525
- canonical/hp laserjet p4014
- canonical/hp color laserjet 3800
- version/hp laserjet enterprise 600/m602
- canonical/hp color laserjet cp5525
- canonical/hp color laserjet cm6030
- canonical/hp laserjet m9040
- canonical/hp laserjet 9040
- canonical/hp color laserjet 4730 mfp
- canonical/hp color laserjet 5550
- canonical/hp laserjet p4515
- version/hp laserjet enterprise 600/m601
- canonical/hp color laserjet 9500
- canonical/hp color laserjet cm4540
- version/hp color laserjet cm4540/mfp
- canonical/hp digital sender 9250c
- canonical/hp color laserjet 3000
- canonical/hp digital sender 9200c
- canonical/hp laserjet enterprise 500 color
- version/hp laserjet enterprise 500 color/m551
- canonical/hp color laserjet cm6040
- canonical/hp laserjet m3035
- canonical/hp laserjet enterprise p3015
- canonical/hp color mfp cm8060
- canonical/hp laserjet 4350
- canonical/hp laserjet 4240
- canonical/hp color laserjet cp6015
- canonical/hp laserjet enterprise m4555
- version/hp laserjet enterprise m4555/mfp
- canonical/hp laserjet 4345 mfp
- canonical/hp color laserjet cp4005