CVE-2011-4161
Summary
| CVE | CVE-2011-4161 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2011-12-01 21:55:00 UTC |
| Updated | 2012-09-18 03:28:00 UTC |
| Description | The default configuration of the HP CM8060 Color MFP with Edgeline; Color LaserJet 3xxx, 4xxx, 5550, 9500, CMxxxx, CPxxxx, and Enterprise CPxxxx; Digital Sender 9200c and 9250c; LaserJet 4xxx, 5200, 90xx, Mxxxx, and Pxxxx; and LaserJet Enterprise 500 color M551, 600, M4555 MFP, and P3015 enables the Remote Firmware Update (RFU) setting, which allows remote attackers to execute arbitrary code by using a session on TCP port 9100 to upload a crafted firmware update. |
Risk And Classification
Problem Types: CWE-264
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Hp | Color Laserjet 3000 | All | All | All | All |
| Hardware | Hp | Color Laserjet 3000 | All | All | All | All |
| Hardware | Hp | Color Laserjet 3800 | All | All | All | All |
| Hardware | Hp | Color Laserjet 3800 | All | All | All | All |
| Hardware | Hp | Color Laserjet 4700 | All | All | All | All |
| Hardware | Hp | Color Laserjet 4700 | All | All | All | All |
| Hardware | Hp | Color Laserjet 4730 | mfp | All | All | All |
| Hardware | Hp | Color Laserjet 4730 | mfp | All | All | All |
| Hardware | Hp | Color Laserjet 4730 Mfp | All | All | All | All |
| Hardware | Hp | Color Laserjet 4730 Mfp | All | All | All | All |
| Hardware | Hp | Color Laserjet 5550 | All | All | All | All |
| Hardware | Hp | Color Laserjet 5550 | All | All | All | All |
| Hardware | Hp | Color Laserjet 9500 | All | All | All | All |
| Hardware | Hp | Color Laserjet 9500 | All | All | All | All |
| Hardware | Hp | Color Laserjet Cm3530 | All | All | All | All |
| Hardware | Hp | Color Laserjet Cm3530 | All | All | All | All |
| Hardware | Hp | Color Laserjet Cm4540 | mfp | All | All | All |
| Hardware | Hp | Color Laserjet Cm4540 | mfp | All | All | All |
| Hardware | Hp | Color Laserjet Cm4730 | mfp | All | All | All |
| Hardware | Hp | Color Laserjet Cm4730 | mfp | All | All | All |
| Hardware | Hp | Color Laserjet Cm6030 | All | All | All | All |
| Hardware | Hp | Color Laserjet Cm6030 | All | All | All | All |
| Hardware | Hp | Color Laserjet Cm6040 | All | All | All | All |
| Hardware | Hp | Color Laserjet Cm6040 | All | All | All | All |
| Hardware | Hp | Color Laserjet Cp3505 | All | All | All | All |
| Hardware | Hp | Color Laserjet Cp3505 | All | All | All | All |
| Hardware | Hp | Color Laserjet Cp3525 | All | All | All | All |
| Hardware | Hp | Color Laserjet Cp3525 | All | All | All | All |
| Hardware | Hp | Color Laserjet Cp4005 | All | All | All | All |
| Hardware | Hp | Color Laserjet Cp4005 | All | All | All | All |
| Hardware | Hp | Color Laserjet Cp5525 | All | All | All | All |
| Hardware | Hp | Color Laserjet Cp5525 | All | All | All | All |
| Hardware | Hp | Color Laserjet Cp6015 | All | All | All | All |
| Hardware | Hp | Color Laserjet Cp6015 | All | All | All | All |
| Hardware | Hp | Color Laserjet Enterprise Cp4520 | All | All | All | All |
| Hardware | Hp | Color Laserjet Enterprise Cp4520 | All | All | All | All |
| Hardware | Hp | Color Laserjet Enterprise Cp4525 | All | All | All | All |
| Hardware | Hp | Color Laserjet Enterprise Cp4525 | All | All | All | All |
| Hardware | Hp | Color Mfp Cm8060 | - | - | edgeline | All |
| Hardware | Hp | Color Mfp Cm8060 | - | - | edgeline | All |
| Hardware | Hp | Digital Sender 9200c | All | All | All | All |
| Hardware | Hp | Digital Sender 9200c | All | All | All | All |
| Hardware | Hp | Digital Sender 9250c | All | All | All | All |
| Hardware | Hp | Digital Sender 9250c | All | All | All | All |
| Hardware | Hp | Laserjet 4240 | All | All | All | All |
| Hardware | Hp | Laserjet 4240 | All | All | All | All |
| Hardware | Hp | Laserjet 4250 | All | All | All | All |
| Hardware | Hp | Laserjet 4250 | All | All | All | All |
| Hardware | Hp | Laserjet 4345 Mfp | All | All | All | All |
| Hardware | Hp | Laserjet 4345 Mfp | All | All | All | All |
| Hardware | Hp | Laserjet 4350 | All | All | All | All |
| Hardware | Hp | Laserjet 4350 | All | All | All | All |
| Hardware | Hp | Laserjet 5200 | All | All | All | All |
| Hardware | Hp | Laserjet 5200 | All | All | All | All |
| Hardware | Hp | Laserjet 9040 | All | All | All | All |
| Hardware | Hp | Laserjet 9040 | All | All | All | All |
| Hardware | Hp | Laserjet 9050 | All | All | All | All |
| Hardware | Hp | Laserjet 9050 | All | All | All | All |
| Hardware | Hp | Laserjet Enterprise 500 Color | m551 | All | All | All |
| Hardware | Hp | Laserjet Enterprise 500 Color | m551 | All | All | All |
| Hardware | Hp | Laserjet Enterprise 600 | m601 | All | All | All |
| Hardware | Hp | Laserjet Enterprise 600 | m602 | All | All | All |
| Hardware | Hp | Laserjet Enterprise 600 | m603 | All | All | All |
| Hardware | Hp | Laserjet Enterprise 600 | m601 | All | All | All |
| Hardware | Hp | Laserjet Enterprise 600 | m602 | All | All | All |
| Hardware | Hp | Laserjet Enterprise 600 | m603 | All | All | All |
| Hardware | Hp | Laserjet Enterprise M4555 | mfp | All | All | All |
| Hardware | Hp | Laserjet Enterprise M4555 | mfp | All | All | All |
| Hardware | Hp | Laserjet Enterprise P3015 | All | All | All | All |
| Hardware | Hp | Laserjet Enterprise P3015 | All | All | All | All |
| Hardware | Hp | Laserjet M3035 | All | All | All | All |
| Hardware | Hp | Laserjet M3035 | All | All | All | All |
| Hardware | Hp | Laserjet M5035 | All | All | All | All |
| Hardware | Hp | Laserjet M5035 | All | All | All | All |
| Hardware | Hp | Laserjet M9040 | All | All | All | All |
| Hardware | Hp | Laserjet M9040 | All | All | All | All |
| Hardware | Hp | Laserjet M9050 | All | All | All | All |
| Hardware | Hp | Laserjet M9050 | All | All | All | All |
| Hardware | Hp | Laserjet P3005 | All | All | All | All |
| Hardware | Hp | Laserjet P3005 | All | All | All | All |
| Hardware | Hp | Laserjet P4014 | All | All | All | All |
| Hardware | Hp | Laserjet P4014 | All | All | All | All |
| Hardware | Hp | Laserjet P4015 | All | All | All | All |
| Hardware | Hp | Laserjet P4015 | All | All | All | All |
| Hardware | Hp | Laserjet P4515 | All | All | All | All |
| Hardware | Hp | Laserjet P4515 | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| InfoSec Handlers Diary Blog - Hacking HP Printers for Fun and Profit | MISC | isc.sans.org | |
| Red Tape - Exclusive: Millions of printers open to devastating hack attack, researchers say | MISC | redtape.msnbc.msn.com | |
| 404 Not Found | MLIST | lists.immunityinc.com | |
| About Secunia Research | Flexera | SECUNIA | secunia.com | |
| US-CERT Vulnerability Note VU#717921 - Hewlett-Packard printers and scanner devices allow remote firmware updates | CERT-VN | www.kb.cert.org | US Government Resource |
| HPSBPI02728 SSRT100692 rev.3 - Certain HP Printers and HP Digital Senders, Remote Firmware Update Enabled by Default - c03102449 - HP Business Support Center | HP | h20000.www2.hp.com | Vendor Advisory |
| RETIRED: HP Printers and HP Digital Sender Firmware Update Remote Code Execution Vulnerability | BID | www.securityfocus.com | |
| HP LaserJet Printers Unspecified Flaw Lets Remote Users Update Firmware with Arbitrary Code - SecurityTracker | SECTRACK | www.securitytracker.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.