Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
exploitdbSven PechlerEDB-ID:22319
HistoryMar 03, 2003 - 12:00 a.m.

HP JetDirect Printer - SNMP JetAdmin Device Password Disclosure

2003-03-0300:00:00
Sven Pechler
www.exploit-db.com
58

AI Score

7.4

Confidence

Low

JSON
HP JetDirect J2552A/J2552B/J2591A/J3110A/J3111A/J3113A/J3263A/300.0 X Printer SNMP JetAdmin Device Password Disclosure Vulnerability

source: https://www.securityfocus.com/bid/7001/info

A problem with JetDirect printers could make it possible for a remote user to gain administrative access to the printer.

It has been reported that HP JetDirect printers leak the web JetAdmin device password under some circumstances. By sending an SNMP GET request to a vulnerable printer, the printer will return the hex-encoded device password to the requester. This could allow a remote user to access and change configuration of the printer. 

C:\>snmputil get example.printer public .1.3.6.1.4.1.11.2.3.9.1.1.13.0

Related

cert 1
cvelist 1
cve 1
nessus 1
nvd 1
openvas 1
cert
cert
Hewlett Packard JetDirect-enabled printers disclose Telnet/HTTP passwords in hex format via "SNMP READ" request
2002-09-16 00:00:00
cvelist
cvelist
CVE-2002-1048
2002-08-31 04:00:00
cve
cve
CVE-2002-1048
2002-10-04 04:00:00
nessus
nessus
HP JetDirect Device SNMP Request Cleartext Admin Credential Disclosure
2003-03-04 00:00:00
nvd
nvd
CVE-2002-1048
2002-10-04 04:00:00
openvas
openvas
HP JetDirect EWS Password Discovery (SNMP)
2005-11-03 00:00:00

AI Score

7.4

Confidence

Low

JSON
Related for EDB-ID:22319
cert1cvelist1cve1nessus1nvd1openvas1