CVE-2019-6325: CSRF
First published: Mon Jun 17 2019(Updated: )
HP Color LaserJet Pro M280-M281 Multifunction Printer series (before v. 20190419), HP LaserJet Pro MFP M28-M31 Printer series (before v. 20190426) may have an embedded web server that is potentially vulnerable to Cross-site Request Forgery.
Credit: hp-security-alert@hp.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| HP T6B80A | <2019-04-19 | |
| HP T6B80A Firmware | ||
| HP T6b83a Firmware | <2019-04-19 | |
| HP T6b83a Firmware | ||
| HP T6B81A | <2019-04-19 | |
| HP T6B81A Firmware | ||
| HP T6B82A | <2019-04-19 | |
| HP T6B82A Firmware | ||
| HP W2G54A | <2019-04-26 | |
| HP LaserJet Pro M14 | ||
| HP W2G55A Firmware | <2019-04-26 | |
| HP LaserJet Pro MFP M29 | ||
| HP Y5s53a | <2019-04-26 | |
| HP Y5s53a Firmware | ||
| HP Y5s55a | <2019-04-26 | |
| HP Y5s55a Firmware | ||
| HP Y5s50a Firmware | <2019-04-26 | |
| Hp Y5s50a Firmware | ||
| HP Y5s54a Firmware | <2019-04-26 | |
| HP Y5s54a Firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2019-6325?
The severity of CVE-2019-6325 is categorized as medium, primarily due to the Cross-site Request Forgery vulnerability.
How do I fix CVE-2019-6325?
To fix CVE-2019-6325, update the firmware of the affected HP printers to versions released after April 19, 2019 for T6B80A, T6B83A, T6B81A, T6B82A, and after April 26, 2019 for W2G54A, W2G55A, Y5S53A, Y5S55A, Y5S50A, and Y5S54A.
Which HP printers are affected by CVE-2019-6325?
CVE-2019-6325 affects HP Color LaserJet Pro M280-M281 and HP LaserJet Pro MFP M28-M31 Multifunction Printer series with firmware versions prior to specific release dates.
What kind of attack is CVE-2019-6325 associated with?
CVE-2019-6325 is associated with Cross-site Request Forgery attacks, which could lead to unauthorized actions performed on behalf of a user.
Is CVE-2019-6325 a persistent vulnerability?
CVE-2019-6325 is not persistent since it is resolved through a firmware update that eliminates the vulnerability.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/weakness
- agent/references
- agent/author
- agent/event
- agent/description
- agent/first-publish-date
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/hp
- canonical/hp t6b80a
- canonical/hp t6b80a firmware
- canonical/hp t6b83a firmware
- canonical/hp t6b81a
- canonical/hp t6b81a firmware
- canonical/hp t6b82a
- canonical/hp t6b82a firmware
- canonical/hp w2g54a
- canonical/hp laserjet pro m14
- canonical/hp w2g55a firmware
- canonical/hp laserjet pro mfp m29
- canonical/hp y5s53a
- canonical/hp y5s53a firmware
- canonical/hp y5s55a
- canonical/hp y5s55a firmware
- canonical/hp y5s50a firmware
- canonical/hp y5s54a firmware