HP LaserJet printer web interface exposes sensitive configuration information without authentication.This includes device information, network configuration, SNMP settings, and other sensitive data that could be leveraged for further attacks or network reconnaissance.
PoC代码[已公开]
id: hp-laserjet-config
info:
name: HP LaserJet Configuration Exposure
author: DhiyaneshDk
severity: medium
description: |
HP LaserJet printer web interface exposes sensitive configuration information without authentication.This includes device information, network configuration, SNMP settings, and other sensitive data that could be leveraged for further attacks or network reconnaissance.
reference:
- https://support.hp.com/us-en/document/ish_4629476-1206130-16
- https://h10032.www1.hp.com/ctg/Manual/c03137192.pdf
- https://www.exploit-db.com/ghdb/6459
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss-score: 5.3
cwe-id: CWE-200
metadata:
verified: true
max-request: 3
vendor: hp
product: laserjet
shodan-query: http.title:"HP LaserJet"
fofa-query: title="HP LaserJet"
google-query: intitle:"HP LaserJet" inurl:info_configuration
tags: hp,laserjet,printer,iot,config,exposure,misconfig
http:
- method: GET
path:
- "{{BaseURL}}/hp/device/this.LCDispatcher?nav=hp.Config"
- "{{BaseURL}}/info_configuration.html?tab=Home&menu=DevConfig"
- "{{BaseURL}}/SSI/info_configuration.htm"
stop-at-first-match: true
matchers-condition: and
matchers:
- type: word
part: body
words:
- "Configuration Page"
- "Device Configuration"
- "set_config_deviceinfo"
condition: or
- type: status
status:
- 200
# digest: 4a0a00473045022100c86818d2ec705c56eb0da64fd937ab91fcb04736fc62da52306bb1c53db9f72f022079bf623eb860aba0ca4ebd2d80cee3d15aa4ce3c6d46c602b354a06ebdb98868:922c64590222798bb761d5b6d8e72950