HP OfficeJet Pro Wi-Fi Direct Support Printer Configuration Unauthenticated Access

Critical Nessus Plugin ID 99591


The remote HP OfficeJet printer is using a default configuration that allows unauthenticated access to configuration files.


The remote HP OfficeJet Pro printer is using a default configuration that lacks access controls and authentication for the Wi-Fi Direct Support feature. An unauthenticated, remote attacker can exploit this to gain read and write access to the printer configuration in the embedded web server.


Restrict access to the administrative interface by setting a password.

See Also



Plugin Details

Severity: Critical

ID: 99591

File Name: hp_officejet_pro_8710.nasl

Version: $Revision: 1.2 $

Type: remote

Family: Web Servers

Published: 2017/04/21

Modified: 2017/04/25

Dependencies: 74268

Risk Information

Risk Factor: Critical


Base Score: 10

Temporal Score: 9.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:U/RC:ND


Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: cpe:/h:hp:officejet_pro_8620, cpe:/h:hp:officejet_pro_8710

Required KB Items: hp/officejet/detected

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 2017/02/01

Reference Information

OSVDB: 151466