Remote Firmware Update (RFU) Vulnerability in HP Printers

Remote Firmware Update (RFU) Vulnerability in HP Printers

CVE-2011-4161 · HIGH Severity

AV:N/AC:L/AU:N/C:C/I:C/A:C

The default configuration of the HP CM8060 Color MFP with Edgeline; Color LaserJet 3xxx, 4xxx, 5550, 9500, CMxxxx, CPxxxx, and Enterprise CPxxxx; Digital Sender 9200c and 9250c; LaserJet 4xxx, 5200, 90xx, Mxxxx, and Pxxxx; and LaserJet Enterprise 500 color M551, 600, M4555 MFP, and P3015 enables the Remote Firmware Update (RFU) setting, which allows remote attackers to execute arbitrary code by using a session on TCP port 9100 to upload a crafted firmware update.

Learn more about our Web Application Penetration Testing UK.