CVE-2009-0940

Name of the Vulnerable Software and Affected Versions HP Embedded Web Server (EWS) on HP LaserJet Printers, Edgeline Printers, and Digital Senders (affected versions not specified)

Description The issue concerns multiple cross-site request forgery (CSRF) vulnerabilities. These vulnerabilities allow remote attackers to hijack the intranet connectivity of arbitrary users for requests that print documents, modify the network configuration via a NetIPChange request to "hp/device/config result YesNo.html/config", or change the password via the Password and ConfirmPassword parameters to "hp/device/set config password.html/config".

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.