[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] HP Photosmart vulnerabilities

To: <full-disclosure@xxxxxxxxxxxxxxxxx>
Subject: [Full-disclosure] HP Photosmart vulnerabilities
From: <uncleron@xxxxxxxxxxxx>
Date: Fri, 28 Dec 2007 09:16:52 -0600

HP Photosmart C6280 (and probably other) network printers ship with 
insecure default settings.  The printer ships with SNMP enabled 
using the default community strings for both public and private.  
HP does not document the use of SNMP, or provide a way for users to 
change the default community strings.  The printer also includes a 
web based admin tool which runs over http, without even an option 
for ssl.

Several attempts to contact HP have proven futile.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] HP Photosmart vulnerabilities
  - From: Joshua Levitsky
- Re: [Full-disclosure] HP Photosmart vulnerabilities
  - From: Mo.Ron Hubbard

Prev by Date: Re: [Full-disclosure] Troy Riser
Next by Date: Re: [Full-disclosure] HP Photosmart vulnerabilities
Previous by thread: Re: [Full-disclosure] Troy Riser
Next by thread: Re: [Full-disclosure] HP Photosmart vulnerabilities
Index(es):
- Date
- Thread