HP LaserJet Pro Printers Multiple Information Disclosures (July 2013)
Medium Nessus Plugin ID 69281
SynopsisThe remote printer is potentially affected by multiple information disclosure vulnerabilities.
DescriptionThe remote HP printer is potentially affected by the following unauthorized information disclosure vulnerabilities :
- The URL '/dev/save_restore.xml' contains a hexadecimal representation of the administrator password. This URL also contains the wireless 'service set identifier' (SSID), which could aid in further attacks.
- The URL '/IoMgmt/Adapters/wifi0/WPS/Pin' contains the 'Wi-Fi Protected Setup' (WPS) PIN.
SolutionUpdate the printer's firmware or disable file system access via the Postscript interface.