92 matches found
CVE-2024-3496 Authentication Bypass Vulnerability
Attackers can bypass the web login authentication process to gain access to the printer's system information and upload malicious drivers to the printer. As for the affected products/models/versions, see the reference URL...
CVE-2024-3496
CVE-2024-3496 is an authentication-bypass flaw affecting Toshiba e-STUDIO multifunction printers. Public sources in the connected documents describe a vulnerability where network-adjacent attackers can bypass web login authentication, gaining access to system information and the ability to upload...
CVE-2024-23637 OctoPrint Unverified Password Change via Access Control Settings
OctoPrint is a web interface for 3D printer.s OctoPrint versions up until and including 1.9.3 contain a vulnerability that allows malicious admins to change the password of other admin accounts, including their own, without having to repeat their password. An attacker who managed to hijack an adm...
Code injection
Kyocera TASKalfa 4053ci printers through 2VGS000.002.561 allow identification of valid user accounts via username enumeration because they lead to a "nicht einloggen" error rather than a falsch error...
CVE-2023-0858
Improper Authentication of RemoteUI of Office / Small Office Multifunction Printers and Laser Printers which may allow an attacker on the network segment to trigger unauthorized access to the product. :Satera LBP660C Series/LBP620C Series/MF740C Series/MF640C Series firmware Ver.11.04 and earlier...
CVE-2023-0855
Buffer overflow in IPP number-up attribute process of Office / Small Office Multifunction Printers and Laser Printers which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. :Satera LBP660C Series/LBP620C Series/MF740C...
Hp LaserJet Pro Printer 安全漏洞
The HP Hp LaserJet Pro Printer is a laser printer from Hewlett-Packard HP in the United States. A security vulnerability exists in the Hp LaserJet Pro Printer that stems from possible susceptibility to buffer overflows and elevation of privilege...
Huawei BiSheng-WNM FW Denial of Service Vulnerability (CNVD-2023-39040)
The Huawei BiSheng-WNM FW is a Huawei printer from Huawei China. A denial of service vulnerability exists in Huawei BiSheng-WNM FW version 3.0.0.325, which can be exploited by an attacker to cause a service exception on the device and lead to a denial of service condition...
CVE-2022-48311
UNSUPPORTED WHEN ASSIGNED Cross Site Scripting XSS in HP Deskjet 2540 series printer Firmware Version CEP1FN1418BR and Product Model Number A9U23B allows authenticated attacker to inject their own script into the page via HTTP configuration page. NOTE: This vulnerability only affects products tha...
多款HP产品跨站脚本漏洞
The HP Color LaserJet Pro M280-M281 and others are products of Hewlett-Packard HP in the U.S.A. The HP Color LaserJet Pro M280-M281 is a printer.The HP Color LaserJet CM4540 MFP CC419A is a multifunction printer.The Hp Color LaserJet Cm4540 Mfp and others are products of Hewlett-Packard Hp USA.Hp...
Hp LaserJet Pro Printer 资源管理错误漏洞
Hp LaserJet Pro Printer is a laser printer from Hewlett-Packard Hp U.S.A. A security vulnerability exists in the Hp LaserJet Pro Printer, which stems from a potential security flaw found in the HP LaserJet Pro printer that could be exploited by an attacker to potentially cause a denial of service...
Unauthorized Access Vulnerability in RICOH Aficio MP171 at Ricoh (China) Investment Co.
RICOH Aficio MP 171 is a printer from Ricoh China Investment Co. An unauthorized access vulnerability exists in the RICOH Aficio MP 171 of Ricoh China Investment Co. Ltd. that can be exploited by attackers to obtain sensitive information...
Unauthorized access vulnerability in HP DeskJet 2600 All-in-One Printer series
The HP DeskJet 2600 All-in-One Printer series is an all-in-one printer from HP Trading Shanghai Co. An unauthorized access vulnerability exists in the HP DeskJet 2600 All-in-One Printer series, which can be exploited by attackers to obtain sensitive information...
CVE-2019-10881
The CVE-2019-10881 entry concerns Xerox AltaLink devices (B8045/B8055/B8065/B8075/B8090 and C8030/C8035/C8045/C8055/C8070) with firmware before 103.xxx.030.32000. A root cause is two hard-coded weak accounts that enable unauthorized access, which cannot be disabled. Impact is high: unauthenticate...
PRET
The repository michaelxiaxc/PRET is a Printer Exploitation Toolkit that allows users to test the security of their printers. The tool connects to a device via network or USB and exploits the features of a given printer language, currently supporting PostScript, PJL, and PCL. The main idea of PRET...
RICOH Aficio SP 5200S Printer - 'entryNameIn' HTML Injection
Exploit Title: RICOH Aficio SP 5200S Printer - 'entryNameIn' HTML Injection Discovery by: Paulina Girón Discovery Date: 2020-03-02 Vendor Homepage: https://www.ricoh.com/ Hardware Link: http://support.ricoh.com/bb/html/drute/re2/model/sp52s/sp52s.htm Product Version: RICOH Aficio SP 5200S Printer...
XEROX WorkCentre 7855 Printer - Cross-Site Request Forgery (Add Admin)
Exploit Title: XEROX WorkCentre 7855 Printer - Cross-Site Request Forgery Add Admin Date: 2018-12-19 Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.xerox.com/ Hardware Link : https://www.office.xerox.com/en-us/multifunction-printers/workcentre-7800-series/ Software : Xerox Printer...
Xerox AltaLink C8035 Printer - Cross-Site Request Forgery (Add Admin)
Xerox AltaLink C8035 Printer - Cross-Site Request Forgery Add Admin Exploit Title: Xerox AltaLink C8035 Printer - Cross-Site Request Forgery Add Admin Date: 2018-12-17 Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.xerox.com/ Hardware Link :...
DEF CON 2019: 35 Bugs in Office Printers Offer Hackers an Open Door
LAS VEGAS — At least 35 significant vulnerabilities in six commonly used enterprise printers have been uncovered, manufactured by HP, Ricoh, Xerox, Lexmark, Kyocera and Brother. The bugs will be presented by NCC Group at a DEF CON session entitled “Why You Should Fear Your Mundane Office Equipmen...
The vulnerability of the hp-plugin driver for HPLIP printers allows a hacker to execute arbitrary code.
The vulnerability of the hp-plugin driver for HPLIP printers is related to the use of a short key identifier GPG from the key server, which is used to verify the loading of the printing plugin. Exploiting this vulnerability allows an attacker to execute arbitrary code...