HP LaserJet Pro Printers Multiple Information Disclosures (July 2013)

Medium Nessus Plugin ID 69281


The remote printer is potentially affected by multiple information disclosure vulnerabilities.


The remote HP printer is potentially affected by the following unauthorized information disclosure vulnerabilities :

- The URL '/dev/save_restore.xml' contains a hexadecimal representation of the administrator password. This URL also contains the wireless 'service set identifier' (SSID), which could aid in further attacks.

- The URL '/IoMgmt/Adapters/wifi0/WPS/Pin' contains the 'Wi-Fi Protected Setup' (WPS) PIN.


Update the printer's firmware or disable file system access via the Postscript interface.

See Also




Plugin Details

Severity: Medium

ID: 69281

File Name: hp_laserjetpro_data_access3.nbin

Version: $Revision: 1.24 $

Type: remote

Family: Misc.

Published: 2013/08/09

Modified: 2018/01/29

Dependencies: 58184, 36128

Risk Information

Risk Factor: Medium


Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/h:hp:laserjet

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2013/07/26

Vulnerability Publication Date: 2013/07/31

Reference Information

CVE: CVE-2013-4807

BID: 61565

OSVDB: 95907

IAVB: 2013-B-0080