CVE-2009-0940

Home/CVE/Multiple cross-site request forgery (CSRF) vulnerabilities in the HP Embedded Web Server (EWS) on HP LaserJet Printers,

CVE

Multiple cross-site request forgery (CSRF) vulnerabilities in the HP Embedded Web Server (EWS) on HP LaserJet Printers,

Multiple cross-site request forgery (CSRF) vulnerabilities in the HP Embedded Web Server (EWS) on HP LaserJet Printers, Edgeline Printers, and Digital Senders allow remote attackers to hijack the intranet connectivity of arbitrary users for requests that (1) print documents via unknown vectors, (2) modify the network configuration via a NetIPChange request to hp/device/config_result_YesNo.html/config, or (3) change the password via the Password and ConfirmPassword parameters to hp/device/set_config_password.html/config.

MEDIUM · CVSS 5.1 EPSS 0.00837

Schedule remediation

Public exploit or PoC is available

Sigma rules0 YARA rules0

⬡

Weakness Classification

CWE-352Cross-Site Request Forgery (CSRF)

▤

Affected Products & Versions

hp 8100c digital senderall versions
hp 9100c digital senderall versions
hp 9200c digital senderall versions
hp 9250c digital senderall versions
hp color laserjetall versions
hp color laserjet 1500all versions
hp color laserjet 2500all versions
hp color laserjet 2500lall versions
Show all 60 affected productshp color laserjet 2500lseall versions
hp color laserjet 2500nall versions
hp color laserjet 2500tnall versions
hp color laserjet 2605dtnall versions
hp color laserjet 4370mfpall versions
hp color laserjet 4600all versions
hp color laserjet 4600dnall versions
hp color laserjet 4600dtnall versions
hp color laserjet 4600hdnall versions
hp color laserjet 4650all versions
hp color laserjet 4700all versions
hp color laserjet 4730 mfpall versions
hp color laserjet 5500all versions
hp color laserjet 5550all versions
hp color laserjet 8500all versions
hp color laserjet 8550all versions
hp color laserjet 9500all versions
hp color laserjet 9500 mfpall versions
hp color laserjet 9500mfpall versions
hp color mfp cm8050all versions
hp color mfp cm8060all versions
hp digital sendersall versions
hp edgeline printersall versions
hp laserjet 1000all versions
hp laserjet 1005all versions
hp laserjet 1010all versions
hp laserjet 1012all versions
hp laserjet 1015all versions
hp laserjet 1018all versions
hp laserjet 1018sall versions
hp laserjet 1020all versions
hp laserjet 1020 plusall versions
hp laserjet 1022all versions
hp laserjet 1022nall versions
hp laserjet 1022nwall versions
hp laserjet 1100all versions
hp laserjet 1150all versions
hp laserjet 1160all versions
hp laserjet 1200all versions
hp laserjet 1300all versions
hp laserjet 1320all versions
hp laserjet 2all versions
hp laserjet 2000all versions
hp laserjet 2100all versions
hp laserjet 2200all versions
hp laserjet 2200dtnall versions
hp laserjet 2300all versions
hp laserjet 2300dnall versions
hp laserjet 2400all versions
hp laserjet 2410all versions
hp laserjet 2420all versions
hp laserjet 2430all versions

⚠

Public Exploits & PoCs

pocwww.louhinetworks.fi · HP_20090317.txtwww.louhinetworks.fi

▣

Scoring & Timeline

5.1

MEDIUM · CVSS v2 (legacy) · cve@mitre.org

View on NVD

This CVE predates CVSS v3; the legacy v2 score is shown so triage still has a severity to work with.

v2 Vector

AV:N/AC:H/Au:N/C:P/I:P/A:P

Published to NVD18 Mar 2009 · 09:00 PM

🔗

References & Sources

Source URLs (vendor pages, mailing lists, write-ups). Exploit/PoC links are in their own section above to avoid duplication.

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01684566Vendor Advisory

http://osvdb.org/52847

http://osvdb.org/52848

http://osvdb.org/52849

http://www.securityfocus.com/archive/1/501884/100/0/threaded

http://www.securityfocus.com/bid/34143

Show all 7 references

http://www.vupen.com/english/advisories/2009/0754

Intelligence Graph · click any node to traverse

CVETechnique ActorTool Family

drag to reposition · click any node to traverse · button top-right enlarges

External lookups - second-class, for what we don’t hold ourselves

NVD CVE.org CISA Vulners Exploit-DB GitHub PoC VulnCheck KEV GreyNoise

Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities

Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs

Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures

Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1

About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service

threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin