HP LaserJets vulnerable to remote file access
HP have released a security bulletin which alerts users of certain HP LaserJet printers, Color LaserJet and Digital Senders that the devices have a potential vulnerability that could allow unauthorised access to files in the printer. The affected devices include the HP LaserJet 2410, 2420, 2430, 4250, 9040, 9050, 4345mfp, 9040mfp, 9050mfp, the HP Color Laserjet 4730mfp and 9500mfp and the HP Digital Sender 9200C. Fixed firmware is now available from HP, who advise that the bulletin should be acted on as soon as possible.
The problem was reported in October 2008 and involves a potential attacker being able to gain read-only access to files outside the web administration system's root directory. This in turn could expose configuration files or cached documents.
- Certain HP LaserJet Printers, HP Color LaserJet Printers, and HP Digital Senders, Remote Unauthorized Access to Files, HP Security Bulletin.