unauthorized-printer-hp: Unauthorized HP office pro printer

日期: 2025-08-01 | 影响软件: HP office pro printer | POC: 已公开

漏洞描述

HP office pro printer web access is exposed.

PoC代码[已公开]

id: unauthorized-printer-hp

info:
  name: Unauthorized HP office pro printer
  author: pussycat0x,r3naissance
  severity: high
  description: HP office pro printer web access is exposed.
  classification:
    cpe: cpe:2.3:h:hp:officejet_pro_8730_m9l80a:*:*:*:*:*:*:*:*
  metadata:
    max-request: 2
    vendor: hp
    product: officejet_pro_8730_m9l80a
    shodan-query: http.title:"Hp Officejet pro"
  tags: hp,iot,unauth,misconfig,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}"
      - "{{BaseURL}}/hp/device/webAccess/index.htm?content=security"

    matchers-condition: and
    matchers:
      - type: regex
        regex:
          - '<title>(HP Officejet Pro([ 0-9A-Za-z]+)|HP Designjet([ 0-9A-Za-z]+).*)<\/title>'

      - type: status
        status:
          - 200
# digest: 4a0a004730450221009c38307f174579479354f4f013fea9193448e51daf5ed95b622fd09172b9bf8602206a8624e9a7556b95eb64d59269d437ca8c80803fa313e0d296529ef1334c7418:922c64590222798bb761d5b6d8e72950
来源: https://github.com/projectdiscovery/nuclei-templates/blob/main/http/misconfiguration/hp/unauthorized-printer-hp.yaml