Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveHpCVE-2011-4161
HistoryDec 01, 2011 - 9:55 p.m.

CVE-2011-4161

2011-12-0121:55:00
CWE-264
hp
web.nvd.nist.gov
58
hp
printer
remote code execution
rfu setting
tcp port 9100
cve-2011-4161

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

8

Confidence

Low

EPSS

0.272

Percentile

96.8%

JSON

The default configuration of the HP CM8060 Color MFP with Edgeline; Color LaserJet 3xxx, 4xxx, 5550, 9500, CMxxxx, CPxxxx, and Enterprise CPxxxx; Digital Sender 9200c and 9250c; LaserJet 4xxx, 5200, 90xx, Mxxxx, and Pxxxx; and LaserJet Enterprise 500 color M551, 600, M4555 MFP, and P3015 enables the Remote Firmware Update (RFU) setting, which allows remote attackers to execute arbitrary code by using a session on TCP port 9100 to upload a crafted firmware update.

Affected configurations

Nvd
Node
hpcolor_laserjet_3000
OR
hpcolor_laserjet_3800
OR
hpcolor_laserjet_4700
OR
hpcolor_laserjet_4730Matchmfp
OR
hpcolor_laserjet_4730_mfp
OR
hpcolor_laserjet_5550
OR
hpcolor_laserjet_9500
OR
hpcolor_laserjet_cm3530
OR
hpcolor_laserjet_cm4540Matchmfp
OR
hpcolor_laserjet_cm4730Matchmfp
OR
hpcolor_laserjet_cm6030
OR
hpcolor_laserjet_cm6040
OR
hpcolor_laserjet_cp3505
OR
hpcolor_laserjet_cp3525
OR
hpcolor_laserjet_cp4005
OR
hpcolor_laserjet_cp5525
OR
hpcolor_laserjet_cp6015
OR
hpcolor_laserjet_enterprise_cp4520
OR
hpcolor_laserjet_enterprise_cp4525
OR
hpcolor_mfp_cm8060Match--edgeline
OR
hpdigital_sender_9200c
OR
hpdigital_sender_9250c
OR
hplaserjet_4240
OR
hplaserjet_4250
OR
hplaserjet_4345_mfp
OR
hplaserjet_4350
OR
hplaserjet_5200
OR
hplaserjet_9040
OR
hplaserjet_9050
OR
hplaserjet_enterprise_500_colorMatchm551
OR
hplaserjet_enterprise_600Matchm601
OR
hplaserjet_enterprise_600Matchm602
OR
hplaserjet_enterprise_600Matchm603
OR
hplaserjet_enterprise_m4555Matchmfp
OR
hplaserjet_enterprise_p3015
OR
hplaserjet_m3035
OR
hplaserjet_m5035
OR
hplaserjet_m9040
OR
hplaserjet_m9050
OR
hplaserjet_p3005
OR
hplaserjet_p4014
OR
hplaserjet_p4015
OR
hplaserjet_p4515
VendorProductVersionCPE
hpcolor_laserjet_3000*cpe:2.3:h:hp:color_laserjet_3000:*:*:*:*:*:*:*:*
hpcolor_laserjet_3800*cpe:2.3:h:hp:color_laserjet_3800:*:*:*:*:*:*:*:*
hpcolor_laserjet_4700*cpe:2.3:h:hp:color_laserjet_4700:*:*:*:*:*:*:*:*
hpcolor_laserjet_4730mfpcpe:2.3:h:hp:color_laserjet_4730:mfp:*:*:*:*:*:*:*
hpcolor_laserjet_4730_mfp*cpe:2.3:h:hp:color_laserjet_4730_mfp:*:*:*:*:*:*:*:*
hpcolor_laserjet_5550*cpe:2.3:h:hp:color_laserjet_5550:*:*:*:*:*:*:*:*
hpcolor_laserjet_9500*cpe:2.3:h:hp:color_laserjet_9500:*:*:*:*:*:*:*:*
hpcolor_laserjet_cm3530*cpe:2.3:h:hp:color_laserjet_cm3530:*:*:*:*:*:*:*:*
hpcolor_laserjet_cm4540mfpcpe:2.3:h:hp:color_laserjet_cm4540:mfp:*:*:*:*:*:*:*
hpcolor_laserjet_cm4730mfpcpe:2.3:h:hp:color_laserjet_cm4730:mfp:*:*:*:*:*:*:*
Rows per page:
1-10 of 431

Related

cert 1
securityvulns 3
cvelist 1
hp 1
nvd 1
prion 1
cert
cert
Hewlett-Packard printers and scanner devices allow remote unautheticated firmware updates
2011-12-08 00:00:00
securityvulns
securityvulns
Multiple HP printers unauthorized access
2011-12-05 00:00:00
[security bulletin] HPSBPI02728 SSRT100692 rev.1 - Certain HP Printers and HP Digital Senders, Remote Firmware Update Enabled by Default
2011-12-05 00:00:00
HP LaserJet P3015 printer unauthorized access
2012-01-11 00:00:00
cvelist
cvelist
CVE-2011-4161
2011-12-01 21:00:00
hp
hp
HPSBPI02728 SSRT100692 rev.7 - Certain HP Printers and HP Digital Senders, Remote Firmware Update Enabled by Default
2011-11-28 00:00:00
nvd
nvd
CVE-2011-4161
2011-12-01 21:55:00
prion
prion
Default configuration
2011-12-01 21:55:00

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

8

Confidence

Low

EPSS

0.272

Percentile

96.8%

JSON
Related for CVE-2011-4161
cert1securityvulns3cvelist1hp1nvd1prion1