SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Device (Printer)  >   HP Printer Vendors:   HPE
HP PSC 2510 Printer FTP Server Lets Remote Users Submit Print Jobs
SecurityTracker Alert ID:  1012174
SecurityTracker URL:  http://securitytracker.com/id/1012174
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Updated:  Nov 11 2004
Original Entry Date:  Nov 11 2004
Impact:   User access via network
Vendor Confirmed:  Yes  Exploit Included:  Yes  
Version(s): PSC 2510; firmware B.25.31 - RL6206xNS
Description:   A vulnerability was reported in the HP PSC 2510 Photosmart printer. A remote user can submit print jobs.

Justin Rush reported that the PSC 2510 includes an FTP server by default. Any remote user can upload a file to the FTP server to cause the device to print the document.

The FTP server cannot be disabled.

Impact:   A remote user can submit files to be printed by the printer.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.hp.com/ (Links to External Site)
Cause:   Access control error

Message History:   None.


 Source Message Contents

Subject:  Unsecure Ftpd on HP PSC 2510 Printer


Product Name: HP PSC 2510
Summary: Ftp print service is not configurable

	This printer comes with an ftp daemon which allows anonymous
access, and drops the user into a write only directory.  By default
anyone from anywhere can drop a file into this directory and the
printer will print the document.  There is no documentation about
this feature, nor is there anyway to change (enable/disable) it
via any of their software or on the printer itself.  HP Tech.
support says that if you don't want this feature then you should
hook up the printer as a local printer, however this printer
comes with both wireless and wired connectors on the back.

Justin Rush
jrush@scout.wisc.edu

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2022, SecurityGlobal.net LLC